CVE-2024-42261

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791	Patch
https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::

History

03 Oct 2025, 18:59

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux Linux linux Kernel
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 -~~	() https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 - Patch
References	~~() https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7 -~~	() https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

Information

Published : 2024-08-17 09:15

Updated : 2025-10-03 18:59

NVD link : CVE-2024-42261

Mitre link : CVE-2024-42261

CVE.ORG link : CVE-2024-42261

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-42261", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-17T09:15:07.600", "references": [{"url": "https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: validar los identificadores pasados de drm syncobj en la extensi\u00f3n de marca de tiempo. Si el espacio de usuario proporciona un identificador desconocido o no v\u00e1lido en cualquier parte de la matriz de identificadores, el resto del controlador no lo manejar\u00e1 tan bien. Arr\u00e9glelo comprobando que el identificador se haya buscado correctamente o, de lo contrario, falle la extensi\u00f3n saltando al desenrollado existente. (cereza escogida del commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)"}], "lastModified": "2025-10-03T18:59:36.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B935B3-1FAC-4502-A5BA-A3C286A20469", "versionEndExcluding": "6.10.4", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}