CVE-2024-42096

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the profile pc() function used for timer-based profiling in the Linux kernel. This function makes assumptions about the stack layout that are not necessarily valid, leading to potential issues. The code tries to account for time spent in spinlocks, but its complexity and the resulting KASAN warnings make it more of a problem than a solution, especially since serious profiling is not commonly done using timers anymore. The function's dependence on a specific stack layout, which may not always be true, especially in cases where lock debugging is involved, complicates the code and can cause stack frames. This has led to KASAN unhappiness reported by syzkaller and others over the years. Given the lack of practical reason for this code anymore, the solution is to remove it.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.