What is CVE-2024-42146?

CVE-2024-42146 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-42146 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-42146?

CVE-2024-42146 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-42146?

No patch is currently available for CVE-2024-42146. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-42146 actively exploited?

CVE-2024-42146 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-42146

Medium

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf Any kunit doing any memory access should get their own runtime_pm outer references since they don't use the standard driver API entries. In special this dma_buf from the same driver. Found by pre-merge CI on adding WARN calls for unprotected inner callers: <6> [318.639739] # xe_dma_buf_kunit: running xe_test_dmabuf_import_same_driver <4> [318.639957] ------------[ cut here ]------------ <4> [318.639967] xe 0000:4d:00.0: Missing outer runtime PM protection <4> [318.640049] WARNING: CPU: 117 PID: 3832 at drivers/gpu/drm/xe/xe_pm.c:533 xe_pm_runtime_get_noresume+0x48/0x60 [xe]

Package Linux Kernel

Published 2024-07-30

Last modified 2024-12-11

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-42146 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0888d15ea45ba8ef4508edd1123ea5ad95b58994
Patch
Kernel patch commit
https://git.kernel.org/stable/c/f9116f658a6217b101e3b4e89f845775b6fb05d9
Patch

Details

CVE ID CVE-2024-42146

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-07-30

Modified 2024-12-11

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-42146?

CVE-2024-42146 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-42146 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-42146?

CVE-2024-42146 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-42146?

No patch is currently available for CVE-2024-42146. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-42146 actively exploited?

No — CVE-2024-42146 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.