
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-42259 is a vulnerability in the Linux kernel's DRM/i915/GEM driver that affects the Virtual Memory mapping boundaries calculation. The vulnerability was discovered in August 2024 and affects Linux kernel versions from 4.9 through 6.10.5. The issue occurs when calculating the size of mapped areas in the Intel graphics driver, where the calculation doesn't properly consider the partial mapping offset (NVD).
The vulnerability stems from an incorrect calculation of buffer size in the DRM/i915/GEM driver. When calculating the size of the mapped area as the lesser value between the requested size and the actual size, the code failed to consider the partial mapping offset. This calculation error affects the Virtual Memory mapping boundaries and can lead to page fault access. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and is classified as CWE-131 (Incorrect Calculation of Buffer Size) (NVD).
The vulnerability can cause page fault access when mapping memory in the Intel graphics driver. This could potentially lead to system instability or denial of service conditions in affected systems. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity (Red Hat).
The vulnerability has been fixed in the Linux kernel through a patch that corrects the calculation of the starting and ending addresses. The fix derives the total size from the difference between the end and start addresses, and the calculations have been rewritten in a clearer and more understandable form. The patch has been backported to various stable kernel versions (Kernel Patch).
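The following is an added example, not the kernel's code or the patch itself: a simplified user-space model of the bounds arithmetic described above, contrasting a size taken as the lesser of requested and actual size with a size derived from clamped start and end addresses. All names, the page-unit representation and the sample values are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model in page units; every name here is hypothetical. */
struct mapping {
    unsigned long vm_start; /* first page of the user's mapping */
    unsigned long vm_end;   /* one past the last page of the mapping */
    unsigned long chunk;    /* pages in the partial chunk to be mapped */
    unsigned long offset;   /* partial mapping offset inside the mapping */
};

static unsigned long min_ul(unsigned long a, unsigned long b)
{
    return a < b ? a : b;
}

/* Flawed form: size is min(requested, actual) and ignores the offset. */
unsigned long end_flawed(const struct mapping *m)
{
    unsigned long start = m->vm_start + m->offset;
    unsigned long size = min_ul(m->chunk, m->vm_end - m->vm_start);
    return start + size; /* may lie beyond vm_end */
}

/* Corrected form: clamp both addresses, then size = end - start. */
unsigned long end_fixed(const struct mapping *m, unsigned long *size)
{
    unsigned long start = min_ul(m->vm_start + m->offset, m->vm_end);
    unsigned long end = min_ul(start + m->chunk, m->vm_end);
    *size = end - start;
    return end;
}

/* Number of pages by which a computed end exceeds the mapping. */
unsigned long overrun(const struct mapping *m, unsigned long end)
{
    return end > m->vm_end ? end - m->vm_end : 0;
}

int main(void)
{
    /* Constructed input: 16-page mapping, 8-page chunk at offset 12. */
    struct mapping m = { 0x1000, 0x1010, 8, 12 };
    unsigned long size;
    unsigned long bad = end_flawed(&m);
    unsigned long good = end_fixed(&m, &size);

    printf("flawed: end=%#lx overrun=%lu pages\n", bad, overrun(&m, bad));
    printf("fixed:  end=%#lx size=%lu overrun=%lu pages\n",
           good, size, overrun(&m, good));
    return 0;
}
```

With the constructed input, the flawed form ends four pages past the mapping, while the corrected form maps only the four pages that remain inside it.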
Source: This report was generated using AI