CVE-2024-42253Improper Locking in Linux

CWE-667Improper Locking26 documents7 sources
Severity
4.7MEDIUMNVD
OSV5.5
EPSS
0.0%
top 97.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedAug 8
Latest updateDec 12

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP b

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages9 packages

NVDlinux/linux_kernel6.26.6.42+3
Debianlinux/linux_kernel< 6.1.106-1+2
Ubuntulinux/linux_kernel< 6.8.0-48.48
CVEListV5linux/linux44896beae605b93f2232301befccb7ef4295319858a5c93bd1a6e949267400080f07e57ffe05ec34+4
debiandebian/linux< linux 6.1.106-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities2024-11-19
OSV
linux-gke vulnerabilities2024-11-15
OSV
linux-raspi vulnerabilities2024-11-14
OSV
linux-oem-6.8 vulnerabilities2024-11-13

📋Vendor Advisories

13
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel (Low Latency) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-15
Ubuntu
Linux kernel vulnerabilities2024-11-14
Ubuntu
Linux kernel vulnerabilities2024-11-13