CVE-2024-42099 in Linux
Summary
by MITRE • 07/30/2024
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: Fix invalid dereferencing of indirect CCW data pointer
Fix invalid dereferencing of indirect CCW data pointer in dasd_eckd_dump_sense() that leads to a kernel panic in error cases.
When using indirect addressing for DASD CCWs (IDAW) the CCW CDA pointer does not contain the data address itself but a pointer to the IDAL. This needs to be translated from physical to virtual as well before using it.
This dereferencing is also used for dasd_page_cache and also fixed although it is very unlikely that this code path ever gets used.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 09/25/2025
The vulnerability CVE-2024-42099 represents a critical memory management flaw within the Linux kernel's s390 architecture support, specifically affecting DASD (Direct Access Storage Device) subsystem operations. This issue manifests as an invalid memory dereference during error handling scenarios, potentially leading to system crashes and complete kernel panics. The vulnerability exists in the dasd_eckd_dump_sense() function which handles error reporting for ECKD (Extended Count Key Data) DASD devices, making it particularly dangerous in enterprise storage environments where reliable data access is paramount.
The technical root cause stems from improper handling of indirect addressing mechanisms used in DASD CCW (Channel Command Word) operations. When the system employs IDAW (Indirect Data Address Word) for addressing, the CCW CDA (Channel Data Address) pointer contains a reference to the IDAL (Indirect Data Address List) rather than the actual data address. The kernel fails to properly translate this physical address pointer to its corresponding virtual address before attempting to access the data, creating a direct dereference of an invalid memory location. This flaw specifically impacts the s390 architecture's storage subsystem and demonstrates a fundamental misunderstanding of how indirect addressing works in the hardware abstraction layer.
The operational impact of this vulnerability extends beyond simple system crashes, potentially compromising data integrity and availability in production environments. When error conditions occur during DASD operations, particularly those involving indirect addressing, the kernel's error handling routine attempts to dump sense data for diagnostic purposes. However, due to the improper pointer translation, the system crashes instead of providing useful diagnostic information, effectively masking the underlying storage issues. This behavior creates a false sense of system stability while simultaneously introducing denial-of-service risks that could affect entire data center operations, especially in mainframe environments where DASD storage remains critical for enterprise applications.
The fix implemented addresses both the primary vulnerability in dasd_eckd_dump_sense() and a secondary, less likely scenario involving dasd_page_cache operations. This comprehensive approach reflects the security team's recognition that similar pointer translation issues could exist in related code paths. The resolution requires proper conversion of physical addresses to virtual addresses before dereferencing pointers, ensuring that all memory access operations maintain valid address mappings. This fix aligns with CWE-476, which addresses null pointer dereference issues, and demonstrates the importance of proper memory management in kernel space operations. The vulnerability also relates to ATT&CK technique T1489, which covers system resource hijacking, as the improper memory handling could potentially be exploited to gain unauthorized access to system resources.
Mitigation strategies should focus on immediate kernel updates to address the specific memory management flaw, while system administrators should implement monitoring for unusual kernel panic patterns that might indicate exploitation attempts. Organizations running s390-based systems should prioritize patching this vulnerability as it affects core storage subsystem functionality. Additionally, implementing proper error logging and system health monitoring can help detect early signs of memory corruption issues that might be related to similar pointer dereference problems. The fix demonstrates the importance of thorough testing of error handling paths in kernel code, particularly for complex hardware abstraction layers where indirect addressing mechanisms are commonly employed.