PT-2024-10455 · Linux+4 · Linux Kernel+4

Jiawen Wu

Published

2024-07-30

Updated

2025-02-03

CVE-2024-42113

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43

Description The vulnerability is related to the use of an uninitialized resource in the Linux kernel's net component. When using MSI/INTx interrupts, the wx->num q vectors variable is uninitialized, leading to a kernel panic in the wx alloc q vectors() function. This issue can be exploited to cause a denial of service.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.43 or later. As a temporary workaround, consider disabling the use of MSI/INTx interrupts until a patch is available. Restrict access to the vulnerable net component to minimize the risk of exploitation. Avoid using the wx alloc q vectors() function until the issue is resolved.

Exploit

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

BDU:2025-00995

CVE-2024-42113

MGASA-2024-0277

MGASA-2024-0278

OESA-2024-2076

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Affected Products

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-10455 · Linux+4 · Linux Kernel+4

CVE-2024-42113

Weakness Enumeration

Related Identifiers

Affected Products

References · 1688