PT-2024-29820 · Linux+7 · Linux Kernel+7
Published 2024-07-31 · Updated 2025-09-29
CVE-2024-42268
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The vulnerability is a missing lock on sync reset reload in the net/mlx5 component of the Linux kernel. When a remote host updates devlink on reload actions performed on that host, the code does not take the devlink lock before calling devlink_remote_reload_actions_performed(), which results in a lock assert. The issue can be triggered when the devlink notify function is called, and it may lead to a denial of service.
Recommendations
To resolve this issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the devlink_remote_reload_actions_performed() function until a patch is available. Restrict access to the devlink notify function to minimize the risk of exploitation. Avoid using the devlink module in the affected API endpoints until the issue is resolved.
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu
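
A triage check for the version and component named above, added here as an example and not part of the original advisory. It assumes the 6.6.50 threshold stated in this entry, that the net/mlx5 driver shows up as `mlx5_core` under `/sys/module`, and that a distribution kernel with an older version string may already carry a backported fix, so `review` means "confirm with the vendor advisory".

```shell
#!/bin/sh
# Added triage example; function names are hypothetical, not from the advisory.
FIXED_VERSION="6.6.50"   # threshold as stated in this entry

# Print "major minor patch" for a release string such as 6.6.49-1-generic.
split_release() {
    rel=${1%%[!0-9.]*}          # cut at the first character that is not a digit or dot
    old_ifs=$IFS; IFS=.
    set -- $rel
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# Return 0 when kernel release $1 sorts strictly before version $2.
release_lt() {
    set -- $(split_release "$1") $(split_release "$2")
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Return 0 when the mlx5 driver is present (assumed module name: mlx5_core).
# $1 = sysfs module directory, normally /sys/module.
mlx5_present() {
    [ -d "${1:-/sys/module}/mlx5_core" ]
}

# Classify a host. $1 = kernel release, $2 = sysfs module directory.
#   not-applicable : mlx5 driver not present on this host
#   review         : mlx5 present and release is below the stated threshold
#   version-ok     : mlx5 present and release is at or above the threshold
triage() {
    if ! mlx5_present "$2"; then
        echo "not-applicable"
    elif release_lt "$1" "$FIXED_VERSION"; then
        echo "review"
    else
        echo "version-ok"
    fi
}

# Check the local host.
triage "$(uname -r)" /sys/module
```
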