CVE-2024-42102

4.7 MEDIUM

📋 TL;DR

This CVE addresses a potential divide-by-zero vulnerability in the Linux kernel's writeback mechanism that could cause kernel panics or system instability. The vulnerability affects Linux systems where dirty page thresholds exceed 32-bit limits, potentially leading to denial of service. Systems with 4GB+ RAM using default settings are particularly susceptible.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific versions between the vulnerable commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78 and its revert
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with 4GB+ RAM using default dirty page settings are most vulnerable. The issue primarily affects 32-bit architectures but can also impact 64-bit systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially requiring physical intervention to restore functionality.

🟠 Likely Case: System instability, performance degradation, or occasional crashes when dirty page thresholds are exceeded during writeback operations.

🟢 If Mitigated: Minor performance impact or no noticeable effect if system memory usage remains below threshold triggers.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the condition leading to system instability affecting all users.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and ability to manipulate dirty page thresholds. This is more likely to be triggered accidentally than maliciously exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commit reversion (see provided git.kernel.org references)

Vendor Advisory: https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official distribution repositories.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Adjust dirty page thresholds (Linux)

Reduce dirty page thresholds below overflow trigger points:

sysctl -w vm.dirty_background_ratio=5
sysctl -w vm.dirty_ratio=10

🧯 If You Can't Patch

  • Implement workaround by adjusting vm.dirty_background_ratio and vm.dirty_ratio sysctl parameters
  • Monitor system memory usage and avoid memory-intensive operations that could trigger threshold conditions

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against affected range. Use: uname -r and check if between vulnerable commit and fix.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched release and check that commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78 is reverted.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • 'divide error' in kernel logs
  • System crash/reboot events

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

source="kernel" AND ("divide error" OR "panic" OR "Oops")
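
The query above also matches every unrelated panic or Oops, so a narrower triage step helps. The shell function below is an added example, not part of the original advisory: it reports only "divide error" events together with the faulting symbol from the RIP/EIP line that follows. The sample log and its symbol names are constructed, since the page names no specific function.

```shell
#!/bin/sh
# Added example (not from the original page). Reads kernel log text on stdin
# and prints one line per "divide error" event: timestamp and faulting symbol.
triage_divide_errors() {
    awk '
    # An x86 oops header looks like: "divide error: 0000 [#1] SMP"
    /divide error/ {
        # A previous event that never showed a RIP/EIP line is still reported
        if (pending) print "divide_error ts=" ts " symbol=unknown"
        ts = "unknown"
        if (match($0, /\[ *[0-9]+\.[0-9]+\]/)) {
            ts = substr($0, RSTART, RLENGTH)
            gsub(/\[|\]| /, "", ts)          # keep only the seconds value
        }
        pending = 1; window = 0; next
    }
    # The faulting address follows within a few lines:
    # "RIP: 0010:sym+0xoff/0xsize" (64-bit) or "EIP: sym+0xoff/0xsize" (32-bit)
    pending {
        window++
        if (match($0, /(RIP|EIP): /)) {
            sym = substr($0, RSTART + RLENGTH)
            sub(/^[0-9a-fA-F]+:/, "", sym)   # drop the "0010:" segment prefix
            sub(/[+ ].*$/, "", sym)          # drop the offset and anything after
            print "divide_error ts=" ts " symbol=" sym
            pending = 0
        } else if (window > 8) {
            print "divide_error ts=" ts " symbol=unknown"
            pending = 0
        }
    }
    END { if (pending) print "divide_error ts=" ts " symbol=unknown" }
    '
}

# Constructed sample input: one divide error and one unrelated Oops.
sample_log() {
    cat <<'EOF'
[   10.000001] EXT4-fs (sda1): mounted filesystem
[ 1234.567890] divide error: 0000 [#1] SMP
[ 1234.567901] CPU: 2 PID: 345 Comm: kworker/u8:3
[ 1234.567912] RIP: 0010:example_writeback_fn+0x5a/0x1c0
[ 1234.567950] Kernel panic - not syncing: Fatal exception
[ 2000.000100] Oops: 0002 [#2] SMP
[ 2000.000111] RIP: 0010:example_other_fn+0x10/0x40
EOF
}

sample_log | triage_divide_errors
```

On a live host the same function can be fed from `dmesg` or `journalctl -k`; the reported symbol tells you whether the fault was in writeback code or somewhere unrelated.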
