CVE-2024-35879
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's device tree (OF) subsystem during overlay removal operations. It affects systems using device tree overlays where improper synchronization between devlink removal and node destruction can cause reference count mismatches. This primarily impacts embedded Linux systems and devices using dynamic device tree modifications.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Memory exhaustion leading to system instability, kernel panic, or denial of service through resource depletion.
Likely Case
Kernel warning messages in logs and potential minor memory leaks during device tree overlay operations, but unlikely to cause immediate system failure.
If Mitigated
No impact if systems don't use device tree overlays or if the vulnerability is patched.
🎯 Exploit Status
Exploitation requires specific device tree operations and timing conditions; more of a stability issue than security vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in git commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a
Restart Required: Yes
Instructions:
1. Identify affected kernel version. 2. Apply kernel patches from provided git commits. 3. Recompile kernel if using custom build. 4. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Avoid device tree overlay removal sequences
linuxAvoid calling of_platform_depopulate() followed by of_overlay_remove() in affected systems
🧯 If You Can't Patch
- Monitor kernel logs for memory leak warnings related to of_node_put()
- Restrict device tree modification operations to essential maintenance only
🔍 How to Verify
Check if Vulnerable:
Check kernel version and review if device tree overlay operations are performed. Monitor dmesg for 'ERROR: memory leak, expected refcount 1 instead of 2' warnings.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes patches from referenced git commits. Test device tree overlay removal operations and ensure no memory leak warnings appear.📡 Detection & Monitoring
Log Indicators:
- ERROR: memory leak, expected refcount 1 instead of 2
- WARNING: of_node_put
- kernel memory leak warnings during device tree operations
SIEM Query:
source="kernel" AND ("memory leak" OR "refcount" OR "of_node_put")🔗 References
- https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a
- https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c
- https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951
- https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82
- https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84
- https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c
- https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a
- https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c
- https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951
- https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82
- https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84
- https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
