PT-2024-29760 · Linux+3 · Linux Kernel+3

Published: 2024-04-11 · Updated: 2026-05-26 · CVE-2024-42128

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Linux kernel versions prior to 6.6.43

Description

The issue in the Linux kernel concerns mutex initialization in the LEDs driver. The driver registers LEDs using devm_led_classdev_register(), so they are automatically unregistered after the module's remove() is done. However, led_classdev_unregister() calls the module's led_set_brightness() to turn off the LEDs, and this callback uses a mutex that was already destroyed in the module's remove(). To resolve this, devm_mutex_init() is used for mutex initialization.

Recommendations

For Linux kernel versions prior to 6.6.43, update to version 6.6.43 or later to resolve the issue. As a temporary workaround, consider disabling the led_set_brightness() function until a patch is available. Restrict access to the LEDs driver to minimize the risk of exploitation.
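
The ordering problem from the description, as an added userspace model in C (not kernel code and not the project's own patch). It assumes managed (devm) actions are released in reverse order of registration after remove() returns; `unbind`, `led_lock` and the other names are hypothetical.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdio.h>

struct lock { int alive; };          /* stands in for struct mutex */
static struct lock led_lock;
static int bad_lock_uses;            /* callback ran on a destroyed lock */

/* Minimal devres model: managed actions are released in reverse order. */
typedef void (*action_fn)(void);
static action_fn devres[8];
static int devres_n;
static void devm_add(action_fn fn) { devres[devres_n++] = fn; }
static void devres_release_all(void) { while (devres_n > 0) devres[--devres_n](); }

static void lock_destroy(void) { led_lock.alive = 0; }

/* Models the driver's brightness callback, which takes the lock. */
static void set_brightness_off(void) { if (!led_lock.alive) bad_lock_uses++; }

/* Models the managed LED unregister, which turns the LED off first. */
static void led_unregister(void) { set_brightness_off(); }

/* Returns how many times the callback touched a destroyed lock. */
int unbind(int use_devm_lock)
{
    bad_lock_uses = 0;
    devres_n = 0;
    /* probe() */
    led_lock.alive = 1;
    if (use_devm_lock)
        devm_add(lock_destroy);      /* fixed: destroy is a managed action */
    devm_add(led_unregister);        /* registered after the lock */
    /* remove() */
    if (!use_devm_lock)
        lock_destroy();              /* vulnerable: destroyed too early */
    /* managed resources are released after remove() returns */
    devres_release_all();
    return bad_lock_uses;
}

int main(void)
{
    printf("manual destroy in remove(): %d bad use(s)\n", unbind(0));
    printf("devm-managed lock:          %d bad use(s)\n", unbind(1));
    return 0;
}
```

With the managed lock, the destroy action is registered before the LED, so it runs only after the unregister callback has finished using the lock.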

Exploit

Fix

Weakness Enumeration

Improper Initialization
Use of Uninitialized Resource

Related Identifiers

BDU:2026-03248
CVE-2024-42128
ECHO-4BA1-78E6-DBE2
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-1992
OESA-2024-1994
OESA-2024-1995
OESA-2024-2296
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu