CVE-2024-42127: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42127 affects the Linux kernel's DRM/Lima driver. The vulnerability was discovered in July 2024 and involves a shared interrupt handling issue during driver removal. The lima driver uses shared interrupts that must be prepared to be called at any time, but during driver removal, the clocks are disabled early while interrupts remain registered until the end of the removal process due to devm usage (Kernel Commit).

The vulnerability stems from a timing issue where interrupt handlers access device registers assuming clocks are enabled, but the clocks are disabled early in the driver removal process. This can lead to a crash when removing the driver in kernels with CONFIGDEBUGSHIRQ enabled. The issue specifically affects the lima GPU driver's interrupt handling mechanism during the driver removal sequence (Kernel Commit).

The vulnerability can trigger a system crash during driver removal operations when specific debugging configurations are enabled. This primarily affects systems using the Lima GPU driver with CONFIGDEBUGSHIRQ enabled (NVD).

The issue has been fixed by freeing the interrupts at each lima device finishing callback, ensuring the handlers are unregistered before the clocks are fully disabled. The fix has been implemented in various Linux kernel versions including Ubuntu 24.04 LTS (6.8.0-48.48), Ubuntu 22.04 LTS (5.15.0-121.131), and Ubuntu 20.04 LTS (5.4.0-195.215) (Ubuntu Security).