CVE-2024-42249

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Aug 7, 2024

Updated: Aug 8, 2024

Summary

CVE-2024-42249 is a vulnerability affecting the Linux kernel. In the SPI (Serial Peripheral Interface) subsystem, a mistake in the spi_async() function led to an incorrect call to spi_maybe_unoptimize_message(). This issue occurs because the message is likely still in the queue and not yet transferred, resulting in potential corruption. The correct placement for this call is in spi_finalize_current_message(), and the function now balances the call to spi_maybe_optimize_message() accordingly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xVjTBB
https://www.cve.org/CVERecord?id=CVE-2024-42249
https://nvd.nist.gov/vuln/detail/CVE-2024-42249

Back to Vulnerability Database