CVE-2024-35985

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the EEVDF scheduler allows a NULL pointer dereference due to integer overflow in reweight_eevdf(). This can cause kernel panic and system crashes. Affects Linux systems using the EEVDF scheduler.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with EEVDF scheduler implementation (specific versions in git commits)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires EEVDF scheduler to be active; vulnerability triggers under specific timing/scheduling conditions

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to complete system crash and denial of service

🟠 Likely Case: System instability or crash under specific scheduler conditions

🟢 If Mitigated: No impact if patched or scheduler not triggered

🌐 Internet-Facing: LOW - Requires local access and specific scheduler conditions
🏢 Internal Only: MEDIUM - Local users could potentially crash systems

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and precise timing to trigger the integer overflow condition

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in git commits: 06f27e6d7bf0abf54488259ef36bbf0e1fccb35c, 1560d1f6eb6b398bddd80c16676776c0325fe5fe, 470d347b14b0ecffa9b39cf8f644fa2351db3efb

Vendor Advisory: https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Recompile kernel if using custom build
3. Reboot system to load new kernel

🔧 Temporary Workarounds

Disable EEVDF scheduler

Switch to alternative scheduler like CFS

Add 'sched=default' to kernel boot parameters

🧯 If You Can't Patch

  • Restrict local user access to critical systems
  • Implement kernel crash monitoring and automatic recovery

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the EEVDF scheduler is active: run uname -r and check /proc/sys/kernel/sched_scheduler

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the git commit hashes for the fix

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • NULL pointer dereference in kernel logs
  • System crash/reboot events

Network Indicators:

  • Sudden system unavailability

SIEM Query:

(event_type:kernel_panic OR event_type:system_crash) AND process:scheduler
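As an added example (not part of this advisory), a small shell/awk check that applies the log indicators above to constructed kernel log lines: it counts NULL-pointer oopses whose call trace names an EEVDF scheduler symbol, which is the pattern a host-level rule for this CVE would look for before forwarding to the SIEM. The sample lines and the symbol-matching pattern are assumptions, not a real capture.

```shell
#!/bin/sh
# Constructed sample of kernel log lines (assumption, not a real capture):
# one oops whose trace passes through an EEVDF symbol, then unrelated noise.
SAMPLE_LOG='Apr 29 10:00:01 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000038
Apr 29 10:00:01 host kernel: Call Trace:
Apr 29 10:00:01 host kernel:  pick_next_task_fair+0x1a/0x200
Apr 29 10:00:01 host kernel:  reweight_eevdf+0x55/0x140
Apr 29 10:00:02 host kernel: Kernel panic - not syncing: Fatal exception
Apr 29 10:05:00 host kernel: usb 1-1: new high-speed USB device number 2'

# Constructed negative sample: a NULL deref in a driver, no scheduler symbol.
OTHER_LOG='Apr 29 11:00:01 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Apr 29 11:00:01 host kernel: Call Trace:
Apr 29 11:00:01 host kernel:  some_driver_probe+0x22/0x90
Apr 29 11:00:02 host kernel: Kernel panic - not syncing: Fatal exception'

# count_eevdf_null_deref LOG_TEXT
# Prints the number of oops blocks that (a) start with a NULL pointer
# dereference (x86 "BUG:" and arm64 "Unable to handle" wording both match),
# (b) contain a "*_eevdf+0x..." frame in the call trace, and (c) end in a
# kernel panic. Blocks are delimited by the deref line and the panic line.
count_eevdf_null_deref() {
    printf '%s\n' "$1" | awk '
        /NULL pointer dereference/ { in_oops = 1; seen_sched = 0; next }
        in_oops && /_eevdf\+0x/    { seen_sched = 1 }
        in_oops && /Kernel panic/  { if (seen_sched) hits++; in_oops = 0 }
        END { print hits + 0 }'
}

# Stand-alone usage: reads the journal when available, else the samples.
if command -v journalctl >/dev/null 2>&1 && [ -z "$USE_SAMPLES" ]; then
    count_eevdf_null_deref "$(journalctl -k --no-pager 2>/dev/null)"
else
    count_eevdf_null_deref "$SAMPLE_LOG"   # prints 1
    count_eevdf_null_deref "$OTHER_LOG"    # prints 0
fi
```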
