CVE-2024-42301
📋 TL;DR
This CVE-2024-42301 is an array out-of-bounds vulnerability in the Linux kernel's parport (parallel port) subsystem, caused by unsafe use of sprintf() that could overflow buffers. It affects Linux systems with parallel port support enabled, potentially allowing local attackers to cause kernel panic or execute arbitrary code. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise and potential persistence mechanisms.
Likely Case
Kernel panic leading to denial of service (system crash) when malicious input is passed to the parport subsystem.
If Mitigated
No impact if parport module is not loaded or parallel port functionality is disabled.
🎯 Exploit Status
Exploitation requires local access and knowledge of how to trigger the vulnerable parport functionality. The stack trace shows it was triggered by a user-space application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions containing the fix commits listed in references
Vendor Advisory: https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution's repositories. 2. Reboot the system to load the new kernel. 3. Verify the fix by checking kernel version and ensuring parport module is not causing crashes.
🔧 Temporary Workarounds
Disable parport module
linuxPrevent loading of the vulnerable parallel port module
echo 'blacklist parport' > /etc/modprobe.d/blacklist-parport.conf
rmmod parport
update-initramfs -u
Restrict access to parallel port devices
linuxChange permissions on parallel port device files to prevent unauthorized access
chmod 600 /dev/parport*
chown root:root /dev/parport*
🧯 If You Can't Patch
- Disable parallel port support in kernel configuration and rebuild kernel
- Implement strict access controls to prevent unauthorized users from accessing parallel port functionality
🔍 How to Verify
Check if Vulnerable:
Check if parport module is loaded: lsmod | grep parport. If loaded and kernel version is unpatched, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version is patched: uname -r. Verify parport module loads without issues and no kernel panics occur when accessing parallel port.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'stack-protector' and 'parport'
- Stack traces showing do_hardware_base_addr+0xcc/0xd0 [parport]
- System crashes or reboots with parport-related errors
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("stack-protector" OR "parport" OR "do_hardware_base_addr")🔗 References
- https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8
- https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d
- https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a
- https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84
- https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0
- https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5
- https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e
- https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
