CVE-2024-42129

Summary

In the Linux kernel, the following vulnerability has been resolved:

leds: mlxreg: Use devm_mutex_init() for mutex initialization

In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux386570d76f2f25a347a7118fa54315d56b46e7be < 618c6ce83471ab4f7ac744d27b9d03af173bc141affected
LinuxLinux386570d76f2f25a347a7118fa54315d56b46e7be < 172ffd26a5af13e951d0e82df7cfc5a95b04fa80affected
LinuxLinux386570d76f2f25a347a7118fa54315d56b46e7be < 3b62888307ae44b68512d3f7735c26a4c8e45b51affected
LinuxLinux386570d76f2f25a347a7118fa54315d56b46e7be < efc347b9efee1c2b081f5281d33be4559fa50a16affected
LinuxLinux4.17affected
LinuxLinux0 < 4.17unaffected
LinuxLinux6.1.132 <= 6.1.*unaffected
LinuxLinux6.6.63 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References