CVE-2024-42147 – This CVE describes a double-free vulnerability ... (How to Fix)

Q: What is the severity of CVE-2024-42147?

CVE-2024-42147 has a CVSS score of 7.8 (HIGH). This CVE describes a double-free vulnerability in the Linux kernel's Hisilicon crypto driver debugfs component. When debugfs initialization fails during the zip probe process, the error handling path can cause the same memory region to be freed twice, potentially leading to memory corruption. This affects systems using the Hisilicon crypto acceleration hardware with the vulnerable kernel driver.

📋 TL;DR

This CVE describes a double-free vulnerability in the Linux kernel's Hisilicon crypto driver debugfs component. When debugfs initialization fails during the zip probe process, the error handling path can cause the same memory region to be freed twice, potentially leading to memory corruption. This affects systems using the Hisilicon crypto acceleration hardware with the vulnerable kernel driver.

💻 Affected Systems

Products:

Linux kernel with Hisilicon crypto driver

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when Hisilicon crypto hardware is present and the driver is loaded. Debugfs must be accessible.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, or potential privilege escalation if an attacker can trigger the double-free and control subsequent memory allocations.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting the crypto acceleration functionality.

🟢

If Mitigated

Limited impact if the vulnerable driver is not loaded or if the specific hardware is not present.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerability through the debugfs interface.

🏢 Internal Only: MEDIUM - Local users or processes with access to debugfs could potentially trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and ability to trigger debugfs initialization failures. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e, 8be0913389718e8d27c4f1d4537b5e1b99ed7739, e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3, eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c

Vendor Advisory: https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable debugfs access

linux

Prevent access to debugfs which is required to trigger the vulnerability

mount -o remount,nodebug /sys/kernel/debug
chmod 000 /sys/kernel/debug

Unload vulnerable driver

linux

Remove the hisilicon crypto driver if not needed

rmmod hisi_zip
echo 'blacklist hisi_zip' > /etc/modprobe.d/blacklist-hisi-zip.conf

🧯 If You Can't Patch

Restrict debugfs access to privileged users only
Disable Hisilicon crypto hardware if not required for system operation

🔍 How to Verify

Check if Vulnerable:

Check if the hisi_zip driver is loaded: lsmod | grep hisi_zip. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or check with your distribution's security advisory.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes related to hisi_zip driver
Memory corruption errors in dmesg

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("hisi_zip" OR "double free" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2024-42147

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

Published: July 30, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-42147, you might also want to check these: