CVE-2024-35836
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35836
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35836.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35836
- Downstream
- Related
- Published
- 2024-05-17T14:02:27Z
- Modified
- 2025-10-15T10:11:58.281664Z
- Summary
- dpll: fix pin dump crash for rebound module
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dpll: fix pin dump crash for rebound module
When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind.
If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9431063ad323ac864750aeba4d304389bc42ca4eFixed5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9431063ad323ac864750aeba4d304389bc42ca4eFixed830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b
Affected versions
v6.*
v6.6
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_msg_add_pin_freq",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 1092.0,
"function_hash": "295908840047988400204156232700142220427"
},
"id": "CVE-2024-35836-20c9c076"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_alloc",
"file": "drivers/dpll/dpll_core.c"
},
"deprecated": false,
"digest": {
"length": 853.0,
"function_hash": "63198467188730950927081887040963607780"
},
"id": "CVE-2024-35836-2aab788d"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_put",
"file": "drivers/dpll/dpll_core.c"
},
"deprecated": false,
"digest": {
"length": 272.0,
"function_hash": "124905523832464749539554282191339753168"
},
"id": "CVE-2024-35836-32ccd0a9"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_prio_set",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 613.0,
"function_hash": "105411418265014180341514476671058729315"
},
"id": "CVE-2024-35836-43d56314"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Line",
"target": {
"file": "drivers/dpll/dpll_core.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"51870189321605199942653842173626101542",
"139059835914213702299465728910414289412",
"190707144678863358965627493594977259709",
"297319415644721328201228369013456343331",
"183298415364951496348380640728399618320",
"222265768180744522173279487179857004118",
"24458146006810992341517895258060552001",
"307861071136818317491486089805116457086",
"280133902344478761110094760767221838334",
"281888698890133322227683602576061640242",
"216414008321161912484374979165009331348",
"322686118913498815676255813916112463750",
"106663098791384429197186526489491543823",
"193073922081098562781685668804960548108",
"68812720233249329957379088825290497268",
"240146084646146476960265517484112040885",
"172236932222527157087472788226384862179",
"320128221017046188001683199477491245126",
"281644182114028288535484994863055726060"
],
"threshold": 0.9
},
"id": "CVE-2024-35836-4a1f1acd"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_on_pin_state_set",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 870.0,
"function_hash": "67998529394010074810238500923071119483"
},
"id": "CVE-2024-35836-4d79ff4b"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_is_freq_supported",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 287.0,
"function_hash": "239234622990683740035530811220585343142"
},
"id": "CVE-2024-35836-5ef8a21a"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Line",
"target": {
"file": "drivers/dpll/dpll_core.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"11326221520063009645281864740946902369",
"30769556332514010255199565627855883105",
"310439764940635081675138887976057517325",
"203692947257985987287688750258609243811",
"240245327691583049596146768771994671378",
"257210039295582672724868247606447029608",
"71916555182851096818043585888516430346"
],
"threshold": 0.9
},
"id": "CVE-2024-35836-6c2be182"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_on_pin_register",
"file": "drivers/dpll/dpll_core.c"
},
"deprecated": false,
"digest": {
"length": 1081.0,
"function_hash": "232693011821362798347361729592411215590"
},
"id": "CVE-2024-35836-6ed17338"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_find",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 1042.0,
"function_hash": "4434692244728091080776030150513118076"
},
"id": "CVE-2024-35836-7e23010e"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_phase_adj_set",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 1590.0,
"function_hash": "54892923477993004617072419812682504706"
},
"id": "CVE-2024-35836-909a8cc4"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_state_set",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 629.0,
"function_hash": "216961981266600437550501384916568199648"
},
"id": "CVE-2024-35836-a7d31431"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_pin_direction_set",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 629.0,
"function_hash": "80376011785509011226714007822120647620"
},
"id": "CVE-2024-35836-bdbff35f"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Function",
"target": {
"function": "dpll_cmd_pin_get_one",
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"length": 1521.0,
"function_hash": "47755914271655002353867395274002251763"
},
"id": "CVE-2024-35836-eef1ad45"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"signature_type": "Line",
"target": {
"file": "drivers/dpll/dpll_netlink.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"36750511983320653107406373709299766849",
"38791550749383046063393473235382106088",
"243340313030982030031598378325359656194",
"276854612254488157761665841783507389500",
"93473534908702717434623720505738648499",
"2876384960927432214043296197635118165",
"221660939183253906669358287569262508558",
"283280826296481320257142407099396016501",
"188391194899017910140408716409210269312",
"311253602357643089675436522512958153120",
"279387379025943541942726318161676012912",
"49770844009131744882281588599199977161",
"141167866502247987887812412415343967507",
"246671909521055608615580935817153708955",
"338717817043000265205457732020542705647",
"244164171581834592627403581024503751251",
"299863342128207585652933491909699944243",
"24107976198507583242410317835625211349",
"11055579675976056411834803396964368226",
"181695564157869133697567664551943796341",
"145696155831206670049767869920347692659",
"179146823375046689982776320842564464845",
"195713788006387851633169840932637731199",
"77837616105992027907388325674122868281",
"100985444286578691148806663014094587619",
"157236662560192009231153842560012644681",
"193482116593592705722141962793254652650",
"194500111661613791508171620927789179229",
"91829176366914411434827574362788937460",
"157236662560192009231153842560012644681",
"193482116593592705722141962793254652650",
"194500111661613791508171620927789179229",
"176846314268051614657003545411563204916",
"239874919903257702295693954041944010487",
"257886812764063526890816374700694506294",
"289112425988084481105726447794664317450",
"72065834046539490632786873634705001110",
"199394676226011235574332956464856029778",
"168051466554579941603651727472764644706",
"178706405589303682013432932620523539355",
"209553226441723319830528871103325459143",
"121471293062138920221096878957935841540",
"233270969433932763868746494694205171786",
"15726395270649395134703876061468644774",
"2765379881352117660789894338082806722",
"77964535166851042613021286417746501563",
"31863981267930458323445142625828691698",
"319733155725876016951036252845387398160",
"324767441343319627074094526431081392142"
],
"threshold": 0.9
},
"id": "CVE-2024-35836-f2dd4712"
}
]
}