#VU95014 Improper error handling in Linux kernel - CVE-2024-42127

Vulnerability identifier: #VU95014

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42127

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13
https://git.kernel.org/stable/c/25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8
https://git.kernel.org/stable/c/17fe8b75aaf0bb1bdc31368963446b421c22d0af
https://git.kernel.org/stable/c/0a487e977cb8897ae4c51ecd34bbaa2b005266c9
https://git.kernel.org/stable/c/04d531b9a1875846d4f89953b469ad463aa7a770
https://git.kernel.org/stable/c/b5daf9217a50636a969bc1965f827878aeb09ffe
https://git.kernel.org/stable/c/a6683c690bbfd1f371510cb051e8fa49507f3f5e

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.