CVE-2024-42159
📋 TL;DR
This CVE is an integer overflow vulnerability in the Linux kernel's mpi3mr SCSI driver. It allows attackers to write beyond allocated memory bounds by providing a large num_phys value that exceeds the phy_mask field size. Systems running vulnerable Linux kernel versions with the mpi3mr driver loaded are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, or potential privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel crashes, or denial of service affecting SCSI storage operations.
If Mitigated
Minimal impact if proper input validation is in place or the driver isn't loaded.
🎯 Exploit Status
Requires local access or ability to interact with the SCSI subsystem. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 3668651def2c1622904e58b0280ee93121f2b10b or later
Vendor Advisory: https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify mpi3mr driver is using sanitized num_phys values.
🔧 Temporary Workarounds
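Unload mpi3mr driver
Linux: Remove the vulnerable driver if not needed. rmmod refuses to unload a module that is still in use.
sudo rmmod mpi3mr
Blacklist mpi3mr module
Linux: Prevent driver from loading at boot. A blacklist entry only stops automatic loading; an explicit modprobe mpi3mr still loads the module.
echo 'blacklist mpi3mr' | sudo tee /etc/modprobe.d/blacklist-mpi3mr.conf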
🧯 If You Can't Patch
- Ensure strict access controls to prevent unauthorized local users
- Monitor system logs for kernel panics or SCSI subsystem errors
🔍 How to Verify
Check if Vulnerable:
Check if mpi3mr driver is loaded: lsmod | grep mpi3mr. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and mpi3mr driver loads without errors.
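The checks above and the blacklist workaround can be combined into one script. This is an added example, not part of the original advisory; the function names and the optional file and directory arguments are assumptions made so the logic can be run against saved copies of /proc/modules and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example (not from the advisory): report mpi3mr exposure on a host.
# File and directory arguments are for testing; defaults read the live system.

# Succeeds if mpi3mr is listed in /proc/modules (or saved lsmod output).
mpi3mr_loaded() {
    [ -r "${1:-/proc/modules}" ] || return 1
    # Match the module name exactly; "grep mpi3mr" also matches substrings.
    awk '$1 == "mpi3mr" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Prints "install", "blacklist" or "none" for the strongest modprobe.d rule found.
mpi3mr_block_state() {
    state=none
    for f in "${1:-/etc/modprobe.d}"/*.conf; do
        [ -f "$f" ] || continue
        # An install override to /bin/false (or /bin/true) also stops explicit modprobe.
        if grep -Eq '^[[:space:]]*install[[:space:]]+mpi3mr[[:space:]]+(/usr)?/bin/(false|true)' "$f"; then
            state=install
            break
        fi
        # "blacklist" only suppresses alias-based autoloading.
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+mpi3mr([[:space:]]|$)' "$f"; then
            state=blacklist
        fi
    done
    echo "$state"
}

# One-line verdict combining both checks.
mpi3mr_exposure() {
    if mpi3mr_loaded "${1:-/proc/modules}"; then
        echo "loaded: check 'uname -r' against a kernel that carries the fix"
        return 0
    fi
    case "$(mpi3mr_block_state "${2:-/etc/modprobe.d}")" in
        install)   echo "not loaded: loading disabled by install override" ;;
        blacklist) echo "not loaded: autoload blacklisted, manual modprobe still works" ;;
        *)         echo "not loaded: nothing prevents the module from loading" ;;
    esac
}

mpi3mr_exposure "$@"
```

Run with no arguments it inspects the live system; a module built into the initramfs is outside what this script checks.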
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- SCSI subsystem errors
- mpi3mr driver crash logs
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "mpi3mr")
🔗 References
- https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b
- https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0
- https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df
- https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html