CVE-2024-42150 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: remove separate irq request for MSI and INTx

When using MSI or INTx interrupts, request_irq() for pdev->irq will conflict with request_threaded_irq() for txgbe->misc.irq, to cause system crash. So remove txgbe_request_irq() for MSI/INTx case, and rename txgbe_request_msix_irqs() since it only request for queue irqs.

Add wx->misc_irq_domain to determine whether the driver creates an IRQ domain and threaded request the IRQs.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/19/2025

The vulnerability identified as CVE-2024-42150 resides within the Linux kernel's network driver implementation, specifically affecting the txgbe driver used for Intel 10 Gigabit Ethernet adapters. This issue manifests as a critical interrupt handling conflict that can lead to system crashes when the driver attempts to manage multiple interrupt sources simultaneously. The flaw occurs during the initialization phase when the driver tries to establish interrupt handlers for both MSI (Message Signaled Interrupts) and INTx (Legacy PCI Interrupts) modes, creating a fundamental conflict in the interrupt request mechanism that the kernel's interrupt subsystem cannot properly resolve.

The technical root cause of this vulnerability stems from improper interrupt management within the txgbe network driver where separate interrupt request functions are called for different interrupt types without proper coordination. When the driver attempts to use request_irq() for the primary device interrupt pdev->irq alongside request_threaded_irq() for the txgbe->misc.irq interrupt, these conflicting requests create a race condition and memory corruption scenario that ultimately results in kernel panics and system instability. This conflict directly violates the interrupt handling principles defined in the Linux kernel's interrupt subsystem architecture and represents a classic case of improper resource management in kernel space.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise network connectivity and overall system reliability for devices utilizing Intel 10 Gigabit Ethernet adapters. Systems running affected kernel versions may experience unexpected reboots or complete system hangs when network traffic is processed through interfaces using the txgbe driver, particularly in high-throughput environments where interrupt handling is critical. This vulnerability affects the broader network infrastructure by potentially causing service disruptions and creating security concerns where network availability is essential for system operations, making it particularly dangerous in enterprise and data center environments.

The fix implemented for CVE-2024-42150 addresses the core interrupt management issue by removing the problematic txgbe_request_irq() function call specifically for MSI and INTx interrupt modes, while also renaming the txgbe_request_msix_irqs() function to better reflect its actual purpose of handling queue interrupts only. The solution introduces a new wx->misc_irq_domain variable to properly determine when the driver should create an IRQ domain and handle threaded interrupt requests appropriately. This remediation aligns with the principles outlined in the Common Weakness Enumeration (CWE) category CWE-691, which addresses insufficient interrupt handling and improper resource management in kernel drivers. The fix also follows ATT&CK framework techniques related to privilege escalation and system compromise through kernel-level vulnerabilities, ensuring that the interrupt handling mechanism properly coordinates between different interrupt types and prevents the kernel from entering an inconsistent state during interrupt processing operations.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00183

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!