CVE-2024-36479: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-36479 affects the FPGA bridge framework in the Linux kernel. The vulnerability was discovered in the implementation of the FPGA bridge module, where the current implementation assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This design could lead to a null pointer dereference vulnerability when attempting to get the bridge if the parent device does not have a driver (Kernel Commit).

The vulnerability exists in the FPGA bridge framework's module reference counting mechanism. The original implementation incorrectly relied on the parent device's driver owner pointer for reference counting, which could result in a null pointer dereference if no driver was present. The fix involves adding a dedicated module owner pointer (bropsowner) to the fpga_bridge struct and using it to properly manage the module's refcount. The solution also includes renaming the registration function and introducing a helper macro to ensure proper owner assignment (Kernel Commit).

If exploited, this vulnerability could lead to a null pointer dereference in the Linux kernel's FPGA bridge subsystem, potentially causing a system crash (denial of service) when attempting to access an FPGA bridge without a properly registered driver (Kernel Commit).

The vulnerability has been fixed in the Linux kernel through a patch that introduces proper module ownership handling. The fix includes adding a new bropsowner field to track module ownership and updating the registration interface to ensure proper reference counting. Systems should be updated to include this patch (Kernel Commit, Debian LTS).