CVE-2024-42093: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42093 is a vulnerability discovered in the Linux kernel's DPAA2 ethernet driver, specifically related to cpumask variable allocation on stack. The issue was disclosed on July 29, 2024, affecting multiple versions of the Linux kernel up to versions 5.4.279, 5.10.221, 5.15.162, 6.1.97, 6.6.37, and 6.9.8 (NVD).

The vulnerability stems from explicit allocation of cpumask variable on stack in the DPAA2 ethernet driver when CONFIGCPUMASKOFFSTACK=y is enabled. This implementation could potentially cause stack overflow. The issue has been assigned a CVSS v3.1 base score of 7.8 (High) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with potential for high impact on confidentiality, integrity, and availability (NVD).

The vulnerability could allow a local attacker to potentially cause a stack overflow condition in the Linux kernel's DPAA2 ethernet driver. This could lead to system crashes or potentially enable privilege escalation on affected systems (RedHat).

The issue has been fixed by modifying the code to use *cpumaskvar API(s) to allocate cpumask variables in a config-neutral way, allowing the allocation strategy to be determined by CONFIGCPUMASK_OFFSTACK. Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has provided fixes across various kernel versions including 5.15.0-121.131 for 22.04 LTS and 5.4.0-195.215 for 20.04 LTS (Ubuntu).