PT-2024-7073 · Linux+9 · Linux Kernel+9

Published

2024-04-02

·

Updated

2025-09-29

·

CVE-2024-42094

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the explicit allocation of cpumask variable on the stack in the Linux kernel, which can cause a potential stack overflow for kernels configured with CONFIG CPUMASK OFFSTACK=y. Instead, the kernel code should use *cpumask var API(s) to allocate cpumask var in a config-neutral way. The vulnerability in the iucv cpu down prep() function in the net/iucv/iucv.c module is associated with writing memory beyond the allocated buffer, which can allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2024:7000
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-11524
ALT-PU-2024-12537
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-9967
BDU:2024-08331
CESA-2024_7000
CVE-2024-42094
DLA-4008-1
INFSA-2024_7000
OESA-2024-1961
OESA-2024-1962
OESA-2024-1963
OESA-2024-1964
OESA-2025-1078
RHSA-2024:7000
RHSA-2024_7000
RHSA-2025:15668
RHSA-2025:6966
RHSA-2025_6966
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7121-1
USN-7121-2
USN-7121-3
USN-7156-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Ubuntu