CVE-2024-42113: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42113 affects the Linux kernel's txgbe network driver. The vulnerability was discovered when using MSI/INTx interrupts, where the wx->numqvectors variable remains uninitialized, leading to potential kernel panic during queue vector allocation in the wxallocq_vectors() function. This issue was identified and reported on July 30, 2024 (NVD).

The vulnerability exists in the Linux kernel's network driver subsystem, specifically in the txgbe driver's interrupt handling code. The issue stems from an uninitialized wx->numqvectors variable when using MSI/INTx interrupts, which can cause a kernel panic during the execution of wxallocqvectors() function. The bug was introduced in commit 3f703186113f ("net: libwx: Add irq flow functions") and was fixed by initializing wx->numqvectors to 1 in the wxsetinterruptcapability function (Kernel Commit).

When exploited, this vulnerability can cause a kernel panic in systems using the affected txgbe network driver with MSI/INTx interrupts, potentially leading to system crashes and denial of service conditions (NVD).

The issue has been fixed in various Linux kernel versions. Ubuntu has released patches for affected versions including 24.04 LTS (noble) with kernel version 6.8.0-48.48 and 22.04 LTS (jammy) with various kernel variants. The fix involves initializing wx->numqvectors to 1 in the wxsetinterrupt_capability function (Ubuntu Security).