CVE-2024-35892

5.5 MEDIUM

📋 TL;DR

This CVE describes a race condition in the Linux kernel's network scheduler (net/sched) subsystem: qdisc_tree_reduce_backlog() incorrectly uses qdisc_lookup() instead of qdisc_lookup_rcu() when it is called with the qdisc lock held. This can cause lockdep warnings and potential kernel instability. It affects Linux systems that use network traffic control (tc/qdisc) features.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions are not explicitly stated; the references point to fixes in the stable kernel trees
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network traffic control (qdisc) functionality to be used. Systems with complex network scheduling configurations are more likely to trigger the issue.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic or system crash due to lock contention and race conditions in network scheduling code

🟠 Likely Case: Kernel warning messages, potential performance degradation, or system instability under heavy network traffic

🟢 If Mitigated: Minor performance impact or warning messages in kernel logs

🌐 Internet-Facing: LOW - Requires local access or ability to manipulate network traffic control
🏢 Internal Only: MEDIUM - Could be triggered by internal network operations or misconfigured network policies

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

This is a race condition that requires specific timing and network configuration to trigger. Exploitation would likely cause denial of service rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits: 07696415526bee0607e495017369c7303a4792e1, 7eb322360b0266481e560d1807ee79e0cef5742b, b7d1ce2cc7192e8a037faa3f5d3ba72c25976460, c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e)

Vendor Advisory: https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1

Restart Required: Yes

Instructions:

  1. Update to a patched kernel version from your distribution vendor.
  2. Apply the specific kernel patch if building from source.
  3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable network traffic control features

Remove or simplify network qdisc configurations to avoid triggering the vulnerable code path

tc qdisc del dev <interface> root
tc qdisc show

🧯 If You Can't Patch

  • Monitor kernel logs for lockdep warnings related to qdisc_tree_reduce_backlog
  • Avoid complex network traffic shaping configurations and limit use of qdisc features

🔍 How to Verify

Check if Vulnerable:

Check kernel version and look for lockdep warnings in dmesg related to qdisc_tree_reduce_backlog or suspicious RCU usage

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or check that lockdep warnings no longer appear during network traffic shaping operations

📡 Detection & Monitoring

Log Indicators:

  • WARNING: suspicious RCU usage
  • lockdep splat messages
  • qdisc_tree_reduce_backlog in stack traces

Network Indicators:

  • Unusual network performance degradation when using traffic control

SIEM Query:

kernel_logs WARNING AND ("suspicious RCU" OR "qdisc_tree_reduce_backlog")
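The log indicators above (and the monitoring step under "If You Can't Patch") can be turned into a small scanner that runs over dmesg or journal output and groups each lockdep/WARNING splat with its stack frames, flagging those whose trace contains qdisc_tree_reduce_backlog(). The script below is an added example, not part of this advisory or of the kernel tree; the sample dmesg text it carries is constructed (version string, PIDs, offsets and the `<file>:<line>` placeholder are invented) and stands in for real output of `dmesg` piped on stdin.

```python
"""Added example: scan dmesg-style kernel log lines for lockdep / RCU splats
and flag those whose stack trace contains qdisc_tree_reduce_backlog().
Run as  dmesg | python3 scan_qdisc_splats.py -   or with no args to use the
constructed sample below."""
import re
import sys
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

QDISC_SYMBOL = "qdisc_tree_reduce_backlog"

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")            # dmesg "[   57.12] " prefix
_HEADER = re.compile(r"^WARNING: (?P<kind>.+)$")     # lockdep / WARN_ON header line
_KVER = re.compile(r"^\d+\.\d+\S* #\d+\b")           # e.g. "6.8.0-example #1 Not tainted"
_FRAME = re.compile(r"^\s*(?:\?\s+)?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")


@dataclass
class Splat:
    kind: str                  # text after "WARNING: "
    kernel: str = ""           # version line that follows a lockdep header, if any
    frames: List[str] = field(default_factory=list)   # symbols in call-trace order

    @property
    def qdisc_related(self) -> bool:
        # Matches the symbol itself and prefixed variants such as __pfx_...
        return any(QDISC_SYMBOL in f for f in self.frames)


def scan_kernel_log(lines: Iterable[str]) -> List[Splat]:
    """Group every WARNING splat with its stack frames; unterminated splats are kept."""
    splats: List[Splat] = []
    current: Optional[Splat] = None
    want_kver = False
    for raw in lines:
        line = _TS.sub("", raw.rstrip("\n"))
        m = _HEADER.match(line)
        if m:
            if current is not None:             # previous splat never hit its end marker
                splats.append(current)
            current = Splat(kind=m.group("kind"))
            want_kver = True
            continue
        if current is None:
            continue
        if want_kver:                           # lockdep prints the kernel version next
            want_kver = False
            if _KVER.match(line):
                current.kernel = line
                continue
        f = _FRAME.match(line)
        if f:
            current.frames.append(f.group("sym"))
        stripped = line.strip()
        if stripped == "</TASK>" or stripped.startswith("---[ end trace"):
            splats.append(current)
            current = None
    if current is not None:
        splats.append(current)
    return splats


def qdisc_splats(lines: Iterable[str]) -> List[Splat]:
    """Only the splats that mention qdisc_tree_reduce_backlog in their trace."""
    return [s for s in scan_kernel_log(lines) if s.qdisc_related]


# Constructed sample: one RCU splat through qdisc_tree_reduce_backlog, one unrelated
# lockdep splat, and ordinary link-state noise. Not captured from a real system.
SAMPLE_DMESG = """\
[   42.000101] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   57.120001] =============================
[   57.120002] WARNING: suspicious RCU usage
[   57.120003] 6.8.0-example #1 Not tainted
[   57.120004] -----------------------------
[   57.120005] <file>:<line> suspicious rcu_dereference_protected() usage!
[   57.120007] stack backtrace:
[   57.120008] CPU: 1 PID: 1234 Comm: tc Not tainted 6.8.0-example #1
[   57.120009] Call Trace:
[   57.120010]  <TASK>
[   57.120011]  dump_stack_lvl+0x10/0x20
[   57.120012]  lockdep_rcu_suspicious+0x10/0x20
[   57.120013]  qdisc_tree_reduce_backlog+0x10/0x20
[   57.120014]  ? __pfx_qdisc_tree_reduce_backlog+0x10/0x10
[   57.120016]  </TASK>
[   90.500001] ======================================================
[   90.500002] WARNING: possible circular locking dependency detected
[   90.500003] 6.8.0-example #1 Not tainted
[   90.500004] ------------------------------------------------------
[   90.500006] Call Trace:
[   90.500007]  <TASK>
[   90.500008]  dump_stack_lvl+0x10/0x20
[   90.500009]  __lock_acquire+0x10/0x20
[   90.500010]  </TASK>
[  120.000001] eth0: renamed from tmp0
"""

if __name__ == "__main__":
    source = sys.stdin if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_DMESG.splitlines()
    for s in scan_kernel_log(source):
        tag = "QDISC-RELATED" if s.qdisc_related else "other"
        print(f"[{tag}] {s.kind} ({s.kernel or 'kernel unknown'}): {' -> '.join(s.frames)}")
```

Any splat tagged QDISC-RELATED on an unpatched kernel is the signal this advisory describes and is worth escalating; splats tagged "other" are ordinary lockdep output and only confirm that lockdep is enabled on the host. The scanner keys on the stack frames rather than on the "suspicious RCU" text alone so that a WARN_ON-style trace through the same function is not missed.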
