CVE-2024-35818

5.5 MEDIUM

📋 TL;DR

This CVE addresses a memory ordering vulnerability in the Linux kernel on the LoongArch architecture, where the __io_aw() hook was not defined as mmiowb(), potentially causing GPU lockups and system instability. It affects systems using LoongArch processors with certain graphics drivers, such as Radeon. The issue manifests as GPU stalls and rendering failures during graphics operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not specified in CVE, but patches available for stable branches
Operating Systems: Linux distributions running on LoongArch architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with LoongArch processors using graphics drivers that rely on proper memory ordering for MMIO operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System instability, GPU lockups, data corruption, or denial of service during graphics-intensive operations, potentially leading to system crashes.

🟠

Likely Case

GPU stalls and rendering failures when running graphics applications like glxgears, causing application crashes and degraded performance.

🟢

If Mitigated

Minor performance impact during graphics operations with proper memory ordering enforced.

🌐 Internet-Facing: LOW - This is a local kernel memory ordering issue not directly exploitable over network.
🏢 Internal Only: MEDIUM - Affects system stability and graphics performance for LoongArch users running affected kernel versions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

This is a stability/performance issue rather than a security vulnerability with traditional exploitation. Requires local access and specific hardware/software configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel patches available (see references)

Vendor Advisory: https://git.kernel.org/stable/c/0b61a7dc6712b78799b3949997e8a5e94db5c4b0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Apply specific commit: 0b61a7dc6712b78799b3949997e8a5e94db5c4b0
3. Reboot system

🔧 Temporary Workarounds

Avoid graphics-intensive applications

linux

Temporarily avoid running graphics applications that trigger the GPU lockup condition

🧯 If You Can't Patch

  • Avoid using affected graphics drivers on LoongArch systems
  • Monitor system logs for GPU stall warnings and restart affected services

🔍 How to Verify

Check if Vulnerable:

Check kernel version and architecture: uname -a, then verify whether the system is running an affected kernel on LoongArch

Check Version:

uname -r

Verify Fix Applied:

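Check that the kernel version includes the fix commit. Run this in the source tree the kernel was built from, printing full commit hashes so the 40-character ID can match: git log --format=%H | grep '0b61a7dc6712b78799b3949997e8a5e94db5c4b0'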

📡 Detection & Monitoring

Log Indicators:

  • radeon.*ring.*stalled
  • GPU lockup
  • scheduling IB failed
  • Couldn't update BO_VA

SIEM Query:

source="kernel" AND ("ring stalled" OR "GPU lockup" OR "scheduling IB failed")
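
One way to apply the log indicators above to kernel log text, as an added example that is not part of the original advisory. The sample lines are constructed, and the names scan and verdict, plus the rule that a ring stall together with a GPU lockup on a LoongArch host warrants investigation, are assumptions.

```python
import re
from collections import Counter

# The four log indicators listed above, as case-insensitive regexes.
INDICATORS = {
    "ring_stalled": re.compile(r"radeon.*ring.*stalled", re.I),
    "gpu_lockup": re.compile(r"GPU lockup", re.I),
    "ib_failed": re.compile(r"scheduling IB failed", re.I),
    "bo_va": re.compile(r"Couldn't update BO_VA", re.I),
}
# PCI address of the reporting device (e.g. 0000:04:00.0), when a line carries one.
PCI_RE = re.compile(r"\b([0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7])\b", re.I)

# Constructed sample kernel log lines (not captured from a real system).
SAMPLE_LOG = """\
[  812.100] radeon 0000:04:00.0: ring 0 stalled for more than 10324msec
[  812.101] radeon 0000:04:00.0: GPU lockup (current fence id 0x1f412 last fence id 0x1f414 on ring 0)
[  812.640] radeon 0000:04:00.0: scheduling IB failed (-35).
[  812.641] [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
[  900.000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  901.000] EXT4-fs (sda2): ring buffer stalled writer
"""

def scan(lines):
    """Return (Counter of indicator hits, set of PCI devices seen in matching lines)."""
    hits, devices = Counter(), set()
    for line in lines:
        matched = [name for name, rx in INDICATORS.items() if rx.search(line)]
        if not matched:
            continue
        hits.update(matched)
        m = PCI_RE.search(line)
        if m:
            devices.add(m.group(1).lower())
    return hits, devices

def verdict(hits, machine):
    """Assumed triage rule: ring stall plus GPU lockup on a LoongArch host."""
    on_loongarch = machine.startswith("loongarch")
    if on_loongarch and hits["ring_stalled"] and hits["gpu_lockup"]:
        return "investigate"
    return "no-match"

if __name__ == "__main__":
    import platform
    h, d = scan(SAMPLE_LOG.splitlines())
    print(dict(h), sorted(d), verdict(h, platform.machine()))
```

To check a live system, pass the lines of the kernel log (for example the output of dmesg) to scan in place of SAMPLE_LOG.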

🔗 References
