CVE-2024-35878: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35878 is a NULL pointer dereference vulnerability discovered in the Linux kernel's device tree and open firmware driver module. The vulnerability was identified in the of_modalias() function where improper handling of str and len parameters could cause a kernel oops in vsnprintf(). The issue was discovered by the Linux Verification Center (linuxtesting.org) using their Svace static analysis tool (Kernel Git).

The vulnerability occurs in the Linux kernel's ofmodalias() function where the vsnprintf() function only allows passing a NULL pointer when the length parameter is also 0. Additionally, negative values of the len parameter could result in a buffer overflow since snprintf() takes a sizet parameter while the function uses ssize_t. The issue has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

When exploited, this vulnerability could cause a kernel oops (crash) through a NULL pointer dereference, potentially leading to a denial of service condition. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (CISA-ADP).

The vulnerability has been patched in the Linux kernel by adding input validation checks. The fix ensures that if the length parameter is greater than 0 and the string pointer is NULL, or if the length is negative, the function returns -EINVAL. The patch has been merged into the mainline kernel and is being backported to stable kernel versions (Kernel Git).