CVE-2024-35997
📋 TL;DR
A race condition in the Linux kernel's I2C-HID driver can cause a CPU lock-up when interrupt handling conflicts with I2C operations. This affects systems using I2C-HID devices (like touchpads, keyboards) on vulnerable kernel versions. The vulnerability can lead to denial of service on affected systems.
💻 Affected Systems
- Linux kernel with I2C-HID driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system lock-up requiring hard reboot, potentially causing data loss or service disruption.
Likely Case
Local denial of service affecting I2C-HID device functionality, possibly requiring reboot.
If Mitigated
Minimal impact if systems are patched or don't use I2C-HID devices.
🎯 Exploit Status
Requires local access and specific timing conditions to trigger the race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 0561b65fbd53d3e788c5b0222d9112ca016fd6a1 and related stable backports
Vendor Advisory: https://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1
Restart Required: Yes
Instructions:
1. Update to the patched kernel version from your distribution.
2. Reboot the system.
3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable I2C-HID devices
Remove or blacklist the I2C-HID driver so the vulnerable code path cannot be triggered (this also disables any touchpad or keyboard that is attached over I2C-HID, so make sure another input method is available; on kernels where the driver is split into i2c_hid, i2c_hid_acpi and i2c_hid_of modules, blacklist those as well):
echo 'blacklist i2c_hid' > /etc/modprobe.d/blacklist-i2c-hid.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with I2C-HID devices
- Monitor system logs for lock-up events and implement rapid response procedures
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the I2C-HID module is loaded:
lsmod | grep i2c_hid
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix, then check dmesg for the I2C-HID driver loading without errors.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- CPU stuck messages in dmesg
- I2C timeout errors
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("i2c_hid" OR "CPU stuck" OR "watchdog")
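The verification and detection steps above, as an added offline triage helper that is not part of this advisory: it checks lsmod-style output for any loaded i2c_hid* module and counts kernel-log lines matching the lock-up indicators listed above. The lsmod and dmesg samples are constructed for the example; the `ELAN0000` device name and the `-110` (ETIMEDOUT) error line are hypothetical.

```shell
#!/bin/sh
# Added example for CVE-2024-35997 triage (not from the advisory).

# Constructed sample of `lsmod` output (hypothetical module sizes/users).
SAMPLE_LSMOD='Module                  Size  Used by
i2c_hid_acpi           16384  0
i2c_hid                36864  1 i2c_hid_acpi
hid                   163840  2 i2c_hid,hid_generic'

# Constructed sample of dmesg lines; two of them are indicators (hypothetical).
SAMPLE_DMESG='[   12.345678] i2c_hid_acpi i2c-ELAN0000:00: I2C device probed
[   98.000001] i2c_hid_acpi i2c-ELAN0000:00: failed to retrieve report from device: -110
[  120.500000] watchdog: BUG: soft lockup - CPU#2 stuck for 22s! [irq/42-ELAN0000:1234]
[  121.000000] usb 1-1: new high-speed USB device number 3'

# i2c_hid_loaded LSMOD_TEXT: returns 0 if any i2c_hid* module is listed, 1 otherwise.
# The header line (NR == 1) is skipped; the module name is the first field.
i2c_hid_loaded() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 ~ /^i2c_hid/ { found = 1 } END { exit !found }'
}

# count_indicators DMESG_TEXT: prints the number of lines matching the advisory's
# log indicators (I2C timeouts from i2c_hid, "CPU#n stuck", watchdog BUG reports).
# `|| true` keeps grep's exit status 1 on zero matches from aborting under set -e.
count_indicators() {
    printf '%s\n' "$1" | grep -c -E 'i2c_hid.*(-110|timeout)|CPU#[0-9]+ stuck|watchdog: BUG' || true
}

# Stand-alone run against the constructed samples.
if i2c_hid_loaded "$SAMPLE_LSMOD"; then
    echo "i2c_hid module loaded: host is exposed unless the kernel carries the fix"
else
    echo "no i2c_hid module loaded"
fi
echo "indicator lines found: $(count_indicators "$SAMPLE_DMESG")"
```

On a live host, pass `"$(lsmod)"` and `"$(dmesg)"` (or the journal's kernel messages) to the two functions instead of the samples.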
🔗 References
- https://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1
- https://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401
- https://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722
- https://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497
- https://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22
- https://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e
- https://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8
- https://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html