What is CVE-2024-42259?

CVE-2024-42259 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-42259 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-42259?

CVE-2024-42259 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-42259?

No patch is currently available for CVE-2024-42259. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-42259 actively exploited?

CVE-2024-42259 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-42259

Medium

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form. [Joonas: Add Requires: tag] Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset") (cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)

Package Linux Kernel

Published 2024-08-14

Last modified 2026-05-12

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-131

CVE-2024-42259 is classified as CWE-131

See CWE-131 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-42259 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Project-Zero
https://project-zero.issues.chromium.org/issues/42451707
Debian Security
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Kernel patch commit
https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2024-42259

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-08-14

Modified 2026-05-12

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-42259?

CVE-2024-42259 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-42259 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-42259?

CVE-2024-42259 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-42259?

No patch is currently available for CVE-2024-42259. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-42259 actively exploited?

No — CVE-2024-42259 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.