CVE-2024-39282: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-39282 affects the Linux kernel's WWAN T7XX driver component. The vulnerability was discovered in the FSM (Finite State Machine) command timeout handling mechanism and was disclosed on January 15, 2025. The issue specifically impacts the net/wwan/t7xx subsystem in the Linux kernel (NVD).

The vulnerability occurs when the driver processes internal state change commands using an asynchronous thread. When the main thread detects a task timeout, the asynchronous thread can panic during completion notification because the main thread completion object has been released. This results in a page fault at address 0xfffffffffffffff8, leading to a kernel panic. The issue stems from improper memory management in the FSM command handling mechanism (Kernel Commit).

When exploited, this vulnerability can cause a kernel panic in systems using the T7XX WWAN driver, resulting in a denial of service condition. The issue affects the system's stability and can lead to unexpected system crashes (NVD).

The issue has been fixed by implementing a reference counter to ensure safe release of resources. The fix involves modifying the FSM command structure to include a reference counter and updating the command completion handling mechanism. The patch has been merged into the Linux kernel and is available in updated versions (Kernel Commit, Debian Update).