PT-2024-6980 · Linux+10 · Linux Kernel+10

Tuhaowen · Published 2024-07-10 · Updated 2025-09-29 · CVE-2024-42301

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.50

Description

The issue is an array out-of-bounds risk in the dev/parport module of the Linux kernel. It is caused by the use of sprintf, which has been replaced with snprintf so that data copying is bounded and cannot overflow the destination buffer. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. A stack trace is provided showing a kernel panic raised by the stack protector, which indicates a corrupted kernel stack in the do_hardware_base_addr() function.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the do_hardware_base_addr() function until a patch is available. Restrict access to the vulnerable parport module to minimize the risk of exploitation. Avoid using the parport module until the issue is resolved. At the moment, there is no other information about additional mitigation measures.
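
The description attributes the overflow to an unbounded sprintf into a fixed-size buffer. As an added illustration (userspace C, not the kernel's code or its patch), the sketch below formats two unsigned long values the bounded way and clamps the length it reports; the helper names, the "%lu\t%lu\n" layout and the 20-byte buffer are assumptions made for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (an assumption, not kernel code): write
 * "<base>\t<base_hi>\n" into dst without ever touching bytes past
 * dst[cap-1]. Returns the number of bytes actually stored (excluding
 * the NUL) and sets *truncated when the full text did not fit. */
static size_t fmt_base_addr(char *dst, size_t cap,
                            unsigned long base, unsigned long base_hi,
                            int *truncated)
{
    int need;

    *truncated = 0;
    if (cap == 0)
        return 0;
    /* snprintf returns the length the complete output WOULD have had,
     * so the return value must not be used as "bytes in dst" directly. */
    need = snprintf(dst, cap, "%lu\t%lu\n", base, base_hi);
    if (need < 0) {
        dst[0] = '\0';
        return 0;
    }
    if ((size_t)need >= cap) {
        *truncated = 1;
        return cap - 1;          /* only cap-1 bytes really exist */
    }
    return (size_t)need;
}

/* Worst-case text length for two unsigned longs on this platform,
 * measured with a zero-size snprintf instead of guessed. */
static size_t worst_case_len(void)
{
    return (size_t)snprintf(NULL, 0, "%lu\t%lu\n", ULONG_MAX, ULONG_MAX);
}

int main(void)
{
    char small[20];              /* constructed size, deliberately too small */
    int trunc;
    size_t n = fmt_base_addr(small, sizeof(small),
                             ULONG_MAX, ULONG_MAX, &trunc);

    printf("worst case %zu bytes, stored %zu, truncated=%d\n",
           worst_case_len(), n, trunc);
    return 0;
}
```

With sprintf in place of snprintf, the same call would write every byte of the worst-case text into the 20-byte array; sizing the buffer from `worst_case_len() + 1` removes the truncation as well.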

Weakness Enumeration

Improper Validation of Array Index

Related Identifiers

ALSA-2024:8856
ALSA-2024:8870
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-11345
ALT-PU-2024-11524
ALT-PU-2024-11577
ALT-PU-2024-11855
ALT-PU-2024-11863
ALT-PU-2024-12232
ALT-PU-2024-12537
ALT-PU-2024-13121
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47965
AZL-48021
BDU:2024-08229
CESA-2024_8856
CESA-2024_8870
CVE-2024-42301
DLA-3912-1
DLA-4008-1
INFSA-2024_8856
INFSA-2024_8870
INFSA-2024_9315
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2122
OESA-2024-2321
OESA-2024-2322
OESA-2024-2324
OESA-2024-2325
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
OPENSUSE-SU-2024_3547-1
RHSA-2024:8856
RHSA-2024:8870
RHSA-2024:9315
RHSA-2024_8856
RHSA-2024_8870
RHSA-2024_9315
RHSA-2025:4342
RLSA-2024:8856
RLSA-2024:8870
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2024:3547-1
SUSE-SU-2024:3563-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1
USN-7553-1
USN-7553-2
USN-7553-3
USN-7553-4
USN-7553-5
USN-7553-6
USN-7554-1
USN-7554-2
USN-7554-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu