{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-35801","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T12:19:12.341Z","datePublished":"2024-05-17T13:23:10.830Z","dateUpdated":"2026-05-11T20:11:18.518Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:11:18.518Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Keep xfd_state in sync with MSR_IA32_XFD\n\nCommit 672365477ae8 (\"x86/fpu: Update XFD state where required\") and\ncommit 8bf26758ca96 (\"x86/fpu: Add XFD state to fpstate\") introduced a\nper CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in\norder to avoid unnecessary writes to the MSR.\n\nOn CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which\nwipes out any stale state. But the per CPU cached xfd value is not\nreset, which brings them out of sync.\n\nAs a consequence a subsequent xfd_update_state() might fail to update\nthe MSR which in turn can result in XRSTOR raising a #NM in kernel\nspace, which crashes the kernel.\n\nTo fix this, introduce xfd_set_state() to write xfd_state together\nwith MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kernel/fpu/xstate.c","arch/x86/kernel/fpu/xstate.h"],"versions":[{"version":"672365477ae8afca5a1cca98c1deb733235e4525","lessThan":"21c7c00dae55cb0e3810d5f9506b58f68475d41d","status":"affected","versionType":"git"},{"version":"672365477ae8afca5a1cca98c1deb733235e4525","lessThan":"1acbca933313aa866e39996904c9aca4d435c4cd","status":"affected","versionType":"git"},{"version":"672365477ae8afca5a1cca98c1deb733235e4525","lessThan":"92b0f04e937665bde5768f3fcc622dcce44413d8","status":"affected","versionType":"git"},{"version":"672365477ae8afca5a1cca98c1deb733235e4525","lessThan":"b61e3b7055ac6edee4be071c52f48c26472d2624","status":"affected","versionType":"git"},{"version":"672365477ae8afca5a1cca98c1deb733235e4525","lessThan":"10e4b5166df9ff7a2d5316138ca668b42d004422","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kernel/fpu/xstate.c","arch/x86/kernel/fpu/xstate.h"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"6.1.84","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.24","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.12","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.3","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.6.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.7.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.8.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d"},{"url":"https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd"},{"url":"https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8"},{"url":"https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624"},{"url":"https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422"}],"title":"x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-416","lang":"en","description":"CWE-416 Use After Free"}]}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"672365477ae8","status":"affected","lessThan":"21c7c00dae55","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"672365477ae8","status":"affected","lessThan":"1acbca933313","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"672365477ae8","status":"affected","lessThan":"92b0f04e9376","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"672365477ae8","status":"affected","lessThan":"b61e3b7055ac","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"672365477ae8","status":"affected","lessThan":"10e4b5166df9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"unaffected","lessThan":"5.16","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6.24","status":"unaffected","lessThan":"6.7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.7.12","status":"unaffected","lessThan":"6.8","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.8.3","status":"unaffected","lessThan":"6.9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.9","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.16","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.1.84","status":"unaffected","lessThan":"6.2","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-03T16:40:36.565439Z","id":"CVE-2024-35801","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-06T19:22:28.826Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:21:47.620Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422","tags":["x_transferred"]}]}]}}