CVE-2024-42319

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the mailbox: mtk-cmdq component. When mtk-cmdq unbinds, a WARN ON message with condition pm runtime get sync() < 0 occurs. The root cause is calling pm runtime get sync() after calling pm runtime disable(). The CMDQ driver uses devm mbox controller register() in cmdq probe() to bind the cmdq device to the mbox controller, and devm mbox controller unregister() will automatically unregister the device bound to the mailbox controller when the device-managed resource is removed. To fix this problem, cmdq probe() needs to move devm mbox controller register() after devm pm runtime enable() to make devm pm runtime disable() be called after devm mbox controller unregister().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-99

Related Identifiers

BDU:2025-08033

CVE-2024-42319

DLA-4076-1

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-42319

Weakness Enumeration

Related Identifiers

Affected Products

References · 1781