CVE-2024-42147: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42147 affects the Linux kernel's crypto subsystem, specifically in the Hisilicon debugfs component. The vulnerability was discovered and disclosed on July 30, 2024. The issue occurs during the zip probe process where debugfs failure handling could lead to a double-free condition (NVD).

The vulnerability stems from an improper handling of debugfs initialization failures. When debugfs initialization fails, the error branch incorrectly releases registers (regs) multiple times during the uninit process, as it performs its own rollback operation in addition to the standard release procedure. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could lead to a double-free condition in the Linux kernel's crypto subsystem. This type of vulnerability typically results in memory corruption, which could potentially lead to privilege escalation, system crashes, or other security implications in the affected systems (NVD).

The issue has been fixed in the Linux kernel through a patch that adds null checks to the regs uninit process. The fix has been implemented in various kernel versions including 6.8.0-48.48 for Ubuntu 24.04 LTS and other distributions. Users are advised to update their systems to the patched versions (Ubuntu).