CVE-2024-35893: 
Linux Kernel vulnerability analysis and mitigation

A kernel information leak vulnerability (CVE-2024-35893) was discovered in the Linux kernel's network scheduler component. The issue was found by syzbot in the tcfskbmoddump() function, which was copying four bytes from kernel stack to user space. The vulnerability exists due to a four-byte hole in 'struct tc_skbmod' structure that needed to be cleared before filling fields (Kernel Git).

The vulnerability occurs in the net/sched/actskbmod.c file where tcfskbmoddump() function fails to properly initialize a structure before copying it to userspace. The issue stems from uninitialized memory in 'struct tcskbmod' being exposed when copying data between kernel and user space. Specifically, bytes 188-191 of a 248-byte memory region starting at kernel address ffff888117697680 were being copied to user address 00007ffe56d855f0 without proper initialization (Kernel Git).

This vulnerability allows an attacker to read uninitialized kernel memory (kernel stack), potentially exposing sensitive information from the kernel space to user space applications (Kernel Git).

The issue has been fixed by adding proper structure initialization using memset() before filling the fields. The fix was implemented in the Linux kernel and has been backported to various stable kernel versions. Users should update their kernel to a patched version that includes the fix (Kernel Git, Debian LTS).

The vulnerability has been acknowledged and patched by major Linux distributions including Debian, which included the fix in their security updates. Red Hat has also incorporated the fix in their Enterprise Linux updates (Red Hat).