{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-35996","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T13:50:33.148Z","datePublished":"2024-05-20T09:47:59.713Z","dateUpdated":"2026-05-12T11:53:31.022Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:15:17.480Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncpu: Re-enable CPU mitigations by default for !X86 architectures\n\nRename x86's to CPU_MITIGATIONS, define it in generic code, and force it\non for all architectures exception x86.  A recent commit to turn\nmitigations off by default if SPECULATION_MITIGATIONS=n kinda sorta\nmissed that \"cpu_mitigations\" is completely generic, whereas\nSPECULATION_MITIGATIONS is x86-specific.\n\nRename x86's SPECULATIVE_MITIGATIONS instead of keeping both and have it\nselect CPU_MITIGATIONS, as having two configs for the same thing is\nunnecessary and confusing.  This will also allow x86 to use the knob to\nmanage mitigations that aren't strictly related to speculative\nexecution.\n\nUse another Kconfig to communicate to common code that CPU_MITIGATIONS\nis already defined instead of having x86's menu depend on the common\nCPU_MITIGATIONS.  This allows keeping a single point of contact for all\nof x86's mitigations, and it's not clear that other architectures *want*\nto allow disabling mitigations at compile-time."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/Kconfig","arch/x86/Kconfig","kernel/cpu.c"],"versions":[{"version":"30da4180fd768973189dc364648f9c436e57b01d","lessThan":"af6d6a923b40bf6471e44067ac61cc5814b48e7f","status":"affected","versionType":"git"},{"version":"70688450dddaf91e12fd4fc625da3297025932c9","lessThan":"36b32816fbab267611f073223f1b0b816ec5920f","status":"affected","versionType":"git"},{"version":"9c09773917fbb77dff85b433e1e89123fc5fb530","lessThan":"38f17d1fbb5bfb56ca1419e2d06376d57a9396f9","status":"affected","versionType":"git"},{"version":"2978ee7c973ce81b6e51100ba1e5ae001af624b9","lessThan":"8292f4f8dd1b005d0688d726261004f816ef730a","status":"affected","versionType":"git"},{"version":"c4a9babdd5d5a41a74269a2e1aa1647b1b4c45bb","lessThan":"fd8547ebc187037cc69441a15c1441aeaab80f49","status":"affected","versionType":"git"},{"version":"f337a6a21e2fd67eadea471e93d05dd37baaa9be","lessThan":"fe42754b94a42d08cf9501790afc25c4f6a5f631","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/Kconfig","arch/x86/Kconfig","kernel/cpu.c"],"versions":[{"version":"5.15.156","lessThan":"5.15.158","status":"affected","versionType":"semver"},{"version":"6.1.87","lessThan":"6.1.90","status":"affected","versionType":"semver"},{"version":"6.6.28","lessThan":"6.6.30","status":"affected","versionType":"semver"},{"version":"6.8.7","lessThan":"6.8.9","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.156","versionEndExcluding":"5.15.158"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.87","versionEndExcluding":"6.1.90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.28","versionEndExcluding":"6.6.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.7","versionEndExcluding":"6.8.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/af6d6a923b40bf6471e44067ac61cc5814b48e7f"},{"url":"https://git.kernel.org/stable/c/36b32816fbab267611f073223f1b0b816ec5920f"},{"url":"https://git.kernel.org/stable/c/38f17d1fbb5bfb56ca1419e2d06376d57a9396f9"},{"url":"https://git.kernel.org/stable/c/8292f4f8dd1b005d0688d726261004f816ef730a"},{"url":"https://git.kernel.org/stable/c/fd8547ebc187037cc69441a15c1441aeaab80f49"},{"url":"https://git.kernel.org/stable/c/fe42754b94a42d08cf9501790afc25c4f6a5f631"}],"title":"cpu: Re-enable CPU mitigations by default for !X86 architectures","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-17T17:38:11.111508Z","id":"CVE-2024-35996","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T17:40:17.312Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:30:12.399Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/af6d6a923b40bf6471e44067ac61cc5814b48e7f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/36b32816fbab267611f073223f1b0b816ec5920f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/38f17d1fbb5bfb56ca1419e2d06376d57a9396f9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8292f4f8dd1b005d0688d726261004f816ef730a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fd8547ebc187037cc69441a15c1441aeaab80f49","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fe42754b94a42d08cf9501790afc25c4f6a5f631","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]}]},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:53:31.022Z"},"affected":[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","versions":[{"status":"affected","version":"0","lessThan":"V3.1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","versions":[{"status":"unaffected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","versions":[{"status":"affected","version":"0","lessThan":"V3.1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html"}]}]},"dataVersion":"5.2"}