CVE-2024-35859 in Linux

Summary

by MITRE • 05/17/2024

In the Linux kernel, the following vulnerability has been resolved:

block: fix module reference leakage from bdev_open_by_dev error path

At the time bdev_may_open() is called, module reference is grabbed already, hence module reference should be released if bdev_may_open() failed.

This problem is found by code review.


Analysis

by VulDB Data Team • 12/04/2025

The vulnerability identified as CVE-2024-35859 represents a critical module reference leakage issue within the Linux kernel's block device subsystem. This flaw occurs in the error path of the bdev_open_by_dev function, where a module reference that was acquired earlier is never released. The issue stems from the improper handling of module reference counting during error conditions, specifically when the bdev_may_open() function fails after a module reference has already been obtained. The vulnerability was discovered through code review rather than through automated testing or runtime exploitation, highlighting the importance of thorough code examination in kernel security auditing.

The technical implementation of this vulnerability involves the kernel's block device management logic, where a module reference is acquired before the bdev_may_open() call but is not released when that function fails. This creates a reference-counting inconsistency where module reference counts become misaligned with actual module usage, potentially leading to resource leaks and module loading/unloading complications. The flaw specifically affects the block device subsystem's error handling pathways, where the expected reference release does not execute. According to CWE classification, this represents a CWE-404: Improper Resource Shutdown or Release, as the module references are not properly released during error conditions. The issue demonstrates poor error handling practices within kernel code where proper cleanup routines are not executed when intermediate operations fail.

The operational impact of CVE-2024-35859 extends beyond simple resource leakage to potentially affect system stability and module management capabilities. When module references accumulate improperly due to this flaw, it can lead to situations where kernel modules cannot be properly unloaded or reloaded, creating operational constraints for system administrators. This vulnerability may manifest as gradual resource exhaustion over time, particularly in systems with frequent block device operations or dynamic module loading scenarios. The issue could potentially be exploited by malicious actors to cause denial of service conditions through resource exhaustion attacks, though the primary concern is the improper resource management rather than direct privilege escalation. From an ATT&CK framework perspective, this vulnerability aligns with T1490: Inhibit System Recovery, as improper resource management can contribute to system instability and reduced availability.

Mitigation strategies for CVE-2024-35859 require immediate kernel updates from vendors who have addressed this specific reference leakage issue in their code repositories. System administrators should prioritize patching affected kernel versions to ensure proper module reference handling during error conditions. The fix implemented in the kernel resolves the issue by ensuring that the module reference obtained before bdev_may_open() is called is released when that function fails, maintaining proper reference counting semantics. Organizations should also implement monitoring for module loading/unloading patterns and resource usage to detect potential impacts from this vulnerability. Regular kernel security auditing and code review processes should be enhanced to identify similar reference counting issues in other subsystems. Additionally, maintaining up-to-date security patches and following secure coding practices for kernel module development can prevent similar issues from emerging in future implementations. The vulnerability demonstrates the critical importance of proper error handling in kernel space where resource management failures can have cascading effects on system stability and security posture.
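The error path described in the summary, as an added userspace model (not kernel source and not code from this page): a reference is taken, a later check refuses the open, and the reference has to be dropped before returning. Every `model_*` name and the `-EBUSY` return value are hypothetical stand-ins.

```c
/* Added userspace model, not kernel source; all model_* names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct model_module { int refcnt; };   /* stands in for the driver module */
struct model_bdev { struct model_module *owner; bool claimed; };

static void model_get(struct model_module *m) { m->refcnt++; }
static void model_put(struct model_module *m) { m->refcnt--; }

/* Stand-in for the bdev_may_open() check: refuse an already claimed device. */
static bool model_may_open(const struct model_bdev *b) { return !b->claimed; }

/* Before the fix: the failure branch returns with the reference still held. */
int model_open_leaky(struct model_bdev *b)
{
    model_get(b->owner);
    if (!model_may_open(b))
        return -EBUSY;              /* leak: no put for the get above */
    return 0;                       /* success: released later on close */
}

/* After the fix: a failure after the get drops the reference first. */
int model_open_fixed(struct model_bdev *b)
{
    model_get(b->owner);
    if (!model_may_open(b)) {
        model_put(b->owner);        /* release what was taken before the check */
        return -EBUSY;
    }
    return 0;
}

/* Run n refused opens; return the reference count left on the module. */
int model_leaked_refs(int (*open_fn)(struct model_bdev *), int n)
{
    struct model_module mod = { 0 };
    struct model_bdev dev = { &mod, true };   /* constructed: always refused */
    for (int i = 0; i < n; i++)
        open_fn(&dev);
    return mod.refcnt;
}

int main(void)
{
    printf("leaky=%d\n", model_leaked_refs(model_open_leaky, 100));
    printf("fixed=%d\n", model_leaked_refs(model_open_fixed, 100));
    return 0;
}
```

In the leaky variant each refused open leaves one reference behind, so the count only grows; a module whose count never returns to zero cannot be unloaded.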

Reservation

05/17/2024

Disclosure

05/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00205

KEV

no

Activities

very low
