Login Sign Up

CVE-2024-42140

5.5 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's RISC-V kexec crash path can cause a deadlock when called from interrupt context. This vulnerability affects Linux systems running on RISC-V architecture and could lead to denial of service. The issue occurs during crash handling when the kernel tries to acquire spinlocks in interrupt context.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but references indicate stable kernel commits from 2024
Operating Systems: Linux distributions running on RISC-V architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using RISC-V architecture. Requires kexec functionality and crash handling scenarios.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System deadlock during crash handling, preventing proper crash dump collection and potentially leaving the system in an unstable state requiring hard reset.

🟠

Likely Case

System hangs or becomes unresponsive during crash scenarios when interrupts are active, preventing proper crash analysis.

🟢

If Mitigated

Crash handling may fail gracefully without deadlock, but crash dumps might be incomplete.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access or ability to trigger kernel crashes.
🏢 Internal Only: MEDIUM - Could affect system reliability during crashes, impacting availability for critical systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires ability to trigger kernel crashes in specific interrupt context

Exploitation requires local access and ability to trigger kernel crashes. Not easily weaponized for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits referenced in CVE (e.g., 484dd545271d02d1571e1c6b62ea7df9dbe5e692)

Vendor Advisory: https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official kernel.org or distribution repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable kexec crash handling

linux

Prevent kexec crash handling which could trigger the deadlock

echo 0 > /sys/kernel/kexec_crash_loaded
echo 0 > /proc/sys/kernel/panic_on_oops

🧯 If You Can't Patch

  • Avoid triggering kernel crashes on RISC-V systems
  • Implement monitoring for system hangs during crash scenarios

🔍 How to Verify

Check if Vulnerable:

Check kernel version and architecture: uname -a | grep -i riscv && check if kernel version is before patched commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes patched commits: grep -r '484dd545271d02d1571e1c6b62ea7df9dbe5e692' /boot/System.map* || check kernel changelog

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages followed by system hangs
  • Missing crash dumps after system crashes
  • Kernel oops messages without proper crash handling

Network Indicators:

  • None - local kernel issue

SIEM Query:

source="kernel" AND ("panic" OR "oops") AND NOT "crash dump complete"

📊 Metadata

CVE ID: CVE-2024-42140
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-667
Published: July 30, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-42140, you might also want to check these:

CVE-2020-12658 9.8

CVE-2020-12658 is a critical vulnerability in gssproxy (GSS-API proxy daemon) where improper mutex h...

Same vulnerability type (CWE-667)
CVE-2020-11284 8.4

This vulnerability allows non-secure boot loaders to unlock and modify memory regions that should re...

Same vulnerability type (CWE-667)
CVE-2021-22530 8.2

CVE-2021-22530 is an authentication bypass vulnerability in NetIQ Advanced Authentication that allow...

Same vulnerability type (CWE-667)