CVE-2024-42129 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80
https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51
https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141
https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16
https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42129-576e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42129
https://www.cve.org/CVERecord?id=CVE-2024-42129

History

Fri, 28 Mar 2025 21:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141

Mon, 02 Dec 2024 08:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-30T07:46:25.436Z

Updated: 2025-05-04T09:23:43.765Z

Reserved: 2024-07-29T15:50:41.185Z

Link: CVE-2024-42129

Vulnrichment

Updated: 2024-08-02T04:54:32.248Z

NVD

Status : Awaiting Analysis

Published: 2024-07-30T08:15:04.977

Modified: 2025-03-28T22:15:16.783

Link: CVE-2024-42129

Redhat

Severity : Low

Publid Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42129 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42129", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.185Z", "datePublished": "2024-07-30T07:46:25.436Z", "dateUpdated": "2025-05-04T09:23:43.765Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:23:43.765Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/leds/leds-mlxreg.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "618c6ce83471ab4f7ac744d27b9d03af173bc141", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "172ffd26a5af13e951d0e82df7cfc5a95b04fa80", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3b62888307ae44b68512d3f7735c26a4c8e45b51", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "efc347b9efee1c2b081f5281d33be4559fa50a16", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/leds/leds-mlxreg.c"], "versions": [{"version": "6.1.132", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.63", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.132"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141"}, {"url": "https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80"}, {"url": "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51"}, {"url": "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16"}], "title": "leds: mlxreg: Use devm_mutex_init() for mutex initialization", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.248Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:31.842142Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:36.739Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.248Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:31.842142Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.774Z"}}], "cna": {"title": "leds: mlxreg: Use devm_mutex_init() for mutex initialization", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "618c6ce83471ab4f7ac744d27b9d03af173bc141", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "172ffd26a5af13e951d0e82df7cfc5a95b04fa80", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3b62888307ae44b68512d3f7735c26a4c8e45b51", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "efc347b9efee1c2b081f5281d33be4559fa50a16", "versionType": "git"}], "programFiles": ["drivers/leds/leds-mlxreg.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.132", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.63", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/leds/leds-mlxreg.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141"}, {"url": "https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80"}, {"url": "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51"}, {"url": "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.132"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.63"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:23:43.765Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42129", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:23:43.765Z", "dateReserved": "2024-07-29T15:50:41.185Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:25.436Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: leds: mlxreg: Use devm_mutex_init() for mutex initialization", "id": "2301494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301494"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.", "A flaw was found in the Linux kernel. The led_classdev_unregister() calls the led_set_brightness() module to turn off the LEDs. This callback uses mutex, which was destroyed in the remove() module."], "name": "CVE-2024-42129", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42129\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42129\nhttps://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42129-576e@gregkh/T"], "threat_severity": "Low"}