What is CVE-2024-35939?

A high-severity vulnerability has been identified in the Linux kernel, potentially allowing for memory leaks in specific scenarios. Organizations using affected Linux kernel versions should prioritize patching to mitigate risks associated with this vulnerability.

What is the severity of CVE-2024-35939?

CVE-2024-35939 has a severity rating of HIGH with a CVSS base score of 7.1.

CVE-2024-35939 | High Vulnerability in Linux Kernel

In the Linux kernel, a high-severity vulnerability (CVE-2024-35939) has been identified that allows for the potential leaking of decrypted memory pages under certain conditions. This vulnerability arises from the failure of the dma_set_decrypted() function when used in conjunction with Intel's TDX technology. When the untrusted host triggers this failure, the memory could be inadvertently shared, leading to serious functional or security implications.

The vulnerability has a CVSS score of 7.1, indicating its high severity, and poses a significant risk to organizations using affected versions of the Linux kernel. Failure to address this vulnerability can result in unauthorized access to sensitive data, as attackers may exploit the leaked pages to gain insights into the system's memory.

Currently, there are no known exploits publicly available for this vulnerability. However, organizations should remain vigilant and monitor their systems closely. Given the potential impact, it is crucial to prioritize patching as part of the incident response plan.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability. Regular updates and security assessments can help in identifying and remediating vulnerabilities before they can be exploited.

Vulnerability Details

The vulnerability allows for memory leaks during the execution of the dma_set_decrypted() function in the Linux kernel. This function is crucial in managing memory encryption on TDX. When it fails, the resulting decrypted memory may be shared inadvertently, which can lead to serious security concerns. The vulnerability was published on May 19, 2024.

Technical Analysis

The root cause of this vulnerability stems from the handling of memory when the dma_set_decrypted() function fails. Callers must appropriately manage the resulting memory to avoid inadvertently sharing decrypted pages with the page allocator. If this memory is not handled properly, it could lead to unauthorized access to sensitive data.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data due to memory leaks. The vulnerability's exploitation could compromise system integrity and confidentiality, making it essential for organizations to address this issue promptly. The urgency is heightened by the vulnerability's high CVSS score, indicating that organizations should schedule remediation based on their patch management policies.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected. The specific vulnerable versions include those before 6.1.86, between 6.2 and 6.6.27 (exclusive), and between 6.7 and 6.8.6 (exclusive). Organizations should review their Linux kernel versions against this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations must apply the relevant patches provided by the Linux kernel maintainers. Additionally, configuration hardening and regular security assessments can help mitigate risks. For comprehensive remediation strategies, organizations can leverage application security assessments to identify and address vulnerabilities.

Detection Guidance

Organizations should monitor logs for unusual memory access patterns and review system calls related to memory management. Behavioral anomalies that indicate unauthorized access attempts should also be investigated thoroughly.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2024-35939 highlights the ongoing need for vigilance in memory management within the kernel. This vulnerability represents a broader trend of increasing complexity in kernel memory handling. Security teams should take this as a lesson to reinforce their testing methodologies. Organizations can enhance their defenses by implementing penetration testing methodologies and conducting comprehensive reviews of their kernel configurations.

For organizations looking to bolster their defenses, exploring vulnerability management programs that integrate continuous security testing could prove beneficial.

Lastly, collaboration with external security experts through red teaming services can help organizations identify potential blind spots in their defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-35939: High Vulnerability in Linux Kernel