CVE-2024-42092
📋 TL;DR
A vulnerability in the Linux kernel's GPIO driver for Davinci platforms allows out-of-bounds memory access when parsing corrupted Device Tree data. This affects systems using the Davinci GPIO driver with improperly configured Device Trees, potentially leading to kernel crashes or privilege escalation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel mode if combined with other vulnerabilities.
Likely Case
System instability or kernel panic when accessing GPIO functionality with corrupted Device Tree data.
If Mitigated
No impact if Device Tree is properly configured or system doesn't use Davinci GPIO driver.
🎯 Exploit Status
Requires local access and ability to modify or corrupt Device Tree data. Not easily weaponized for remote attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 2d83492259ad, 70b48899f3f2, 7aa9b96e9a73, 89d7008af494, a8d78984fdc1
Vendor Advisory: https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution for backported patches.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable Davinci GPIO driver
Remove or blacklist the davinci_gpio driver if not needed
echo 'blacklist davinci_gpio' > /etc/modprobe.d/blacklist-davinci-gpio.conf
rmmod davinci_gpio
🧯 If You Can't Patch
- Ensure Device Tree configurations are validated and not corrupted
- Restrict physical access to systems using Davinci GPIO hardware
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if davinci_gpio module is loaded: 'lsmod | grep davinci_gpio' and 'uname -r'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or davinci_gpio module is not loaded
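The module check above and the blacklist workaround can be combined into one triage step. The script below is an added example, not part of the advisory: the `ROOT` prefix and the four state names are assumptions made for illustration, and the module name is the one this page gives.

```shell
#!/bin/sh
# Added example (not from the advisory). ROOT prefix and state names are
# assumptions; the module name is the one this page uses.

module_loaded() {        # $1 = root prefix, $2 = module name
    # /proc/modules lists one loaded module per line, name in field 1
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' \
        "$1/proc/modules" 2>/dev/null
}

module_blacklisted() {   # $1 = root prefix, $2 = module name
    for f in "$1"/etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        # only an active "blacklist <name>" line counts; commented lines do not
        if awk -v m="$2" '$1 == "blacklist" && $2 == m { found = 1 }
                          END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

workaround_state() {     # $1 = root prefix (empty = live system), $2 = module
    root=${1:-}
    mod=${2:-davinci_gpio}
    if module_loaded "$root" "$mod"; then
        if module_blacklisted "$root" "$mod"; then
            echo "loaded-blacklisted"   # entry written, rmmod or reboot pending
        else
            echo "loaded"               # workaround not applied
        fi
    elif module_blacklisted "$root" "$mod"; then
        echo "blocked"                  # not loaded and autoload is disabled
    else
        echo "not-loaded"               # absent now, nothing stops a later autoload
    fi
}

# Report the state of the running system (or of an unpacked image via ROOT).
workaround_state "${ROOT:-}" "${MODULE:-davinci_gpio}"
```

A `blacklist` entry only stops alias-based autoloading, so `blocked` still permits an explicit `modprobe`, and neither check detects a driver compiled into the kernel image.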
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- GPIO driver error messages in dmesg
- Out of bounds memory access errors
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("davinci_gpio" OR "GPIO" OR "out of bounds")
🔗 References
- https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
- https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
- https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164
- https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
- https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
- https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
- https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
- https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html