CVE-2024-42147

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43

Description A vulnerability has been resolved in the Linux kernel, specifically in the crypto: hisilicon/debugfs module. The issue occurs during the zip probe process when debugfs initialization fails, causing the error branch to release regs repeatedly. To fix this, a null check needs to be added to the regs uninit process.

Recommendations Update to Linux kernel version 6.6.43 or later to resolve the issue. As a temporary workaround, consider adding a null check to the regs uninit process to prevent repeated releases of regs.

Exploit

Fix

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2025-04549

CVE-2024-42147

DLA-4008-1

MGASA-2024-0277

MGASA-2024-0278

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-42147

Weakness Enumeration

Related Identifiers

Affected Products

References · 1567