PT-2024-29819 · Linux+5 · Linux Kernel+5

Published

2024-08-01

·

Updated

2026-03-14

·

CVE-2024-42267

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) Linux kernel versions prior to 6.6.50
Description The issue is related to the riscv/mm component of the Linux kernel and involves incorrect handling of input, which can lead to a denial of service. The vulnerability is resolved by adding handling for VM FAULT SIGSEGV in the mm fault error() function, ensuring that the process is correctly killed and the kernel does not BUG().
Recommendations For Linux kernel versions prior to 6.6.50, update to version 6.6.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable riscv/mm component until a patch is available. Avoid using the mm fault error() function in sensitive operations until the issue is resolved. At the moment, there is no information about other newer versions that contain a fix for this vulnerability.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2025-01411
CVE-2024-42267
DLA-4008-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2076
OESA-2024-2107
OESA-2024-2108
OESA-2024-2123
USN-7100-1
USN-7100-2
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu