CVE-2024-35816
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's firewire ohci driver where interrupt request (IRQ) resources are not properly freed during driver unbind operations. This affects systems using firewire hardware with the affected kernel versions, potentially leading to resource exhaustion over time. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.
Likely Case
Gradual memory leak during repeated driver bind/unbind operations, potentially causing performance degradation or system instability over time.
If Mitigated
Minimal impact with proper patching; memory leak prevented before significant resource consumption occurs.
🎯 Exploit Status
Exploitation requires local access and privileges to unbind drivers. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in stable kernel releases via commits 318f6d53dd425c400e35f1a9b7af682c2c6a66d6 and others
Vendor Advisory: https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution's repositories. 2. For custom kernels, apply the fix commits from kernel.org. 3. Reboot to load the patched kernel.
🔧 Temporary Workarounds
Disable firewire module
linuxPrevent loading of the vulnerable firewire_ohci driver if firewire hardware is not needed
echo 'blacklist firewire_ohci' >> /etc/modprobe.d/blacklist-firewire.conf
rmmod firewire_ohci
Remove firewire hardware
allPhysically remove firewire hardware to eliminate attack surface
🧯 If You Can't Patch
- Monitor system memory usage and kernel logs for 'leaking at least firewire_ohci' messages
- Restrict local access to prevent unauthorized users from binding/unbinding drivers
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if firewire_ohci module is loaded: lsmod | grep firewire_ohciCheck Version:
uname -rVerify Fix Applied:
Check kernel version is patched and monitor dmesg for absence of IRQ leak messages during driver operations📡 Detection & Monitoring
Log Indicators:
- Kernel messages containing 'remove_proc_entry: removing non-empty directory irq/', 'leaking at least firewire_ohci'
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "firewire_ohci" AND ("leaking" OR "remove_proc_entry")🔗 References
- https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6
- https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88
- https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33
- https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6
- https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88
- https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33
