{"id":"CVE-2024-35995","summary":"ACPI: CPPC: Use access_width over bit_width for system memory accesses","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]","modified":"2026-04-02T11:59:54.918732Z","published":"2024-05-20T09:47:59.057Z","related":["MGASA-2024-0263","MGASA-2024-0266","SUSE-SU-2024:2135-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2892-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20249-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35995.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35995.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35995"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5bbb86aa4b8d84395e42cd05448820651d79f349"},{"fixed":"01fc53be672acae37e611c80cc0b4f3939584de3"},{"fixed":"1b890ae474d19800a6be1696df7fb4d9a41676e4"},{"fixed":"6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1"},{"fixed":"2f4a4d63a193be6fd530d180bb13c3592052904c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35995.json"}}],"schema_version":"1.7.5"}