CVE-2024-35801

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability where cached XFD state becomes out of sync with the actual MSR_IA32_XFD register during CPU hotplug events. This can cause XRSTOR operations to fail with a #NM exception, leading to kernel crashes. Affects Linux systems with XFD-capable CPUs (Intel AMX/TMUL) when CPU hotplug operations occur.
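The desynchronization described above, reduced to a user-space C model. This is an added illustration, not kernel code and not taken from the fix commits. The cache exists so that the register is written only when the value changes, so a register reset that bypasses the cache turns the next update into a no-op. The struct and function names are hypothetical, and the `fixed` branch only models keeping the cache in sync with the register on hotplug.

```c
/* User-space model of the stale-cache bug; not kernel code, names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define XFD_TILE_DATA (1ULL << 18) /* XSAVE component 18: AMX tile data */

struct cpu_model {
    uint64_t msr_xfd;   /* stands in for MSR_IA32_XFD */
    uint64_t xfd_cache; /* stands in for the cached per-CPU XFD state */
};

/* Touch the register only when the cached value says it differs. */
static void xfd_update(struct cpu_model *c, uint64_t want)
{
    if (c->xfd_cache != want) {
        c->msr_xfd = want;
        c->xfd_cache = want;
    }
}

/* Hotplug: the register returns to its init value (tile data armed). */
static void cpu_online(struct cpu_model *c, bool fixed)
{
    c->msr_xfd = XFD_TILE_DATA;
    if (fixed)
        c->xfd_cache = XFD_TILE_DATA; /* fixed: cache written with the register */
}

/* XRSTOR of non-init state for a component whose XFD bit is armed raises #NM. */
static bool xrstor_raises_nm(const struct cpu_model *c, uint64_t components)
{
    return (c->msr_xfd & components) != 0;
}

/* A task with AMX state runs, the CPU is cycled, the task's state is restored. */
bool hotplug_scenario_faults(bool fixed)
{
    struct cpu_model c = { XFD_TILE_DATA, XFD_TILE_DATA };
    xfd_update(&c, 0);     /* task uses AMX: XFD disarmed, cache = 0 */
    cpu_online(&c, fixed); /* register reset behind the cache's back */
    xfd_update(&c, 0);     /* unfixed: cache still 0, write is skipped */
    return xrstor_raises_nm(&c, XFD_TILE_DATA);
}

int main(void)
{
    printf("unfixed: #NM=%d, fixed: #NM=%d\n", hotplug_scenario_faults(false), hotplug_scenario_faults(true));
    return 0;
}
```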

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions between the introduction of XFD caching (commits 672365477ae8 and 8bf26758ca96) and the fix commits listed in references.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires XFD-capable CPUs (Intel AMX/TMUL) and CPU hotplug operations to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic and system crash, causing denial of service and potential data loss or corruption.

🟠

Likely Case

System crash during CPU hotplug events or when using XFD-related features, resulting in downtime.

🟢

If Mitigated

No impact if patched or if XFD features are not used.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger CPU hotplug events.
🏢 Internal Only: MEDIUM - Internal users or processes with sufficient privileges could trigger CPU hotplug events.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering CPU hotplug events and using XFD features, typically requiring local access and specific conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 10e4b5166df9ff7a2d5316138ca668b42d004422, 1acbca933313aa866e39996904c9aca4d435c4cd, 21c7c00dae55cb0e3810d5f9506b58f68475d41d, 92b0f04e937665bde5768f3fcc622dcce44413d8, b61e3b7055ac6edee4be071c52f48c26472d2624

Vendor Advisory: https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable CPU hotplug

linux

Prevent CPU hotplug operations that trigger the vulnerability.

echo 0 > /sys/devices/system/cpu/cpuX/online (for specific CPUs)
Configure system to avoid CPU hotplug via BIOS/UEFI or kernel parameters

Disable XFD features

linux

Disable Intel AMX/TMUL features that use XFD if not needed.

Add 'clearcpuid=amx' to kernel boot parameters

🧯 If You Can't Patch

  • Avoid CPU hotplug operations on affected systems.
  • Monitor system logs for kernel crashes or #NM exceptions and have recovery procedures ready.

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether XFD features are enabled: uname -r and grep -i amx /proc/cpuinfo

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: uname -r and check kernel source or distribution patch notes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • #NM exception logs in dmesg or /var/log/kern.log
  • CPU hotplug events in system logs

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

Search for 'kernel panic', 'NM exception', or 'CPU hotplug' events in system logs.

🔗 References
