PT-2024-29852 · Linux+4 · Linux Kernel+4

Published: 2024-06-26 · Updated: 2025-02-03 · CVE-2024-42303

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.50

Description

The vulnerability is in the media component of the Linux kernel and is caused by incorrect input validation. Exploitation of this issue may allow an attacker to cause a denial of service. The vulnerability is resolved by fixing an ERR_PTR dereference in the pxp_probe() function and adding a check to bail out in case of an error in devm_regmap_init_mmio().

Recommendations

Update to Linux kernel version 6.6.50 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable media component until a patch is available. Restrict access to the vulnerable function pxp_probe() to minimize the risk of exploitation. Avoid using the devm_regmap_init_mmio() function in sensitive operations until the issue is resolved.
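
The bug class named in the description, modeled in userspace as an added example (it is not the kernel patch and not code from this advisory): an init helper reports failure as an error pointer, which is non-NULL, so the probe routine has to test it with IS_ERR() before touching it. ERR_PTR, IS_ERR, PTR_ERR and MAX_ERRNO mirror the kernel's helpers; `fake_regmap_init`, the `struct regmap` stand-in and both probe functions are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace copies of the kernel's error-pointer helpers (linux/err.h). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p)
{
    /* The top MAX_ERRNO addresses are reserved for encoded errnos. */
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct regmap { unsigned int ctrl; };   /* stand-in, not the kernel struct */
static struct regmap good_map;

/* Hypothetical init helper: on failure it returns an error pointer, not NULL. */
static struct regmap *fake_regmap_init(int fail)
{
    return fail ? ERR_PTR(-ENOMEM) : &good_map;
}

/* Before: no IS_ERR() check. A NULL test would not help either, because
 * ERR_PTR(-ENOMEM) is non-NULL. Returns 1 when the probe would go on to
 * dereference the pointer; the dereference itself is not performed here. */
static int probe_unchecked_would_deref(int fail)
{
    struct regmap *map = fake_regmap_init(fail);
    return map != NULL;
}

/* After: bail out with the encoded errno before any register access. */
static int probe_checked(int fail)
{
    struct regmap *map = fake_regmap_init(fail);
    if (IS_ERR(map))
        return (int)PTR_ERR(map);
    map->ctrl = 1;                      /* safe: map is a real object here */
    return 0;
}

int main(void)
{
    printf("unchecked, init fails: would deref = %d\n", probe_unchecked_would_deref(1));
    printf("checked, init fails: %d\n", probe_checked(1));
    printf("checked, init ok: %d\n", probe_checked(0));
    return 0;
}
```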

Exploit

Fix

NULL Pointer Dereference

RCE


Weakness Enumeration

Related Identifiers

BDU:2025-01428
CVE-2024-42303
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2124
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu