CVE-2024-42091

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform or when running as a VF. While the former is unlikely, the latter is valid (future) use case and will cause NPD when someone will try to dump PAT settings by debugfs. It's better to check pointer to pat.ops instead of specific .dump hook, as we have this hook always defined for every .ops variant.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb	Patch
https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc	Patch
https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb	Patch
https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

07 Oct 2025, 16:47

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb -~~	() https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb - Patch
References	~~() https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc -~~	() https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc - Patch
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel

Information

Published : 2024-07-29 18:15

Updated : 2025-10-07 16:47

NVD link : CVE-2024-42091

Mitre link : CVE-2024-42091

CVE.ORG link : CVE-2024-42091

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-42091", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-29T18:15:11.657", "references": [{"url": "https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Check pat.ops before dumping PAT settings\n\nWe may leave pat.ops unset when running on brand new platform or\nwhen running as a VF. While the former is unlikely, the latter\nis valid (future) use case and will cause NPD when someone will\ntry to dump PAT settings by debugfs.\n\nIt's better to check pointer to pat.ops instead of specific .dump\nhook, as we have this hook always defined for every .ops variant."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: verifique pat.ops antes de volcar la configuraci\u00f3n de PAT. Podemos dejar pat.ops sin configurar cuando se ejecuta en una plataforma nueva o cuando se ejecuta como VF. Si bien lo primero es poco probable, el segundo es un caso de uso v\u00e1lido (futuro) y causar\u00e1 NPD cuando alguien intente volcar la configuraci\u00f3n de PAT mediante debugfs. Es mejor marcar el puntero a pat.ops en lugar del gancho .dump espec\u00edfico, ya que siempre tenemos este gancho definido para cada variante de .ops."}], "lastModified": "2025-10-07T16:47:42.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A4BD4E-FEF5-4966-9017-7AAE1629F735", "versionEndExcluding": "6.9.8", "versionStartIncluding": "6.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}