CVE-2024-47141: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47141 affects the Linux kernel's pinmux subsystem. The vulnerability was discovered when two clients of the same GPIO call pinctrlselectstate() for the same functionality, leading to a NULL pointer issue while accessing desc->muxowner. The issue occurs when process A updates desc->muxusecount but hasn't yet updated desc->muxowner, while process B sees the updated usecount and attempts to access the NULL muxowner, resulting in a crash (NVD, Debian Tracker).

The vulnerability is caused by a race condition in the pinmux subsystem where concurrent access to desc->pinmux data is not properly synchronized. The issue manifests when two processes execute pin_request() for the same pin simultaneously. The CVSS v3.1 score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability has been classified as CWE-667 (Improper Locking) (NVD).

When exploited, this vulnerability can cause a NULL pointer dereference, leading to a system crash. This primarily affects system stability and availability, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been patched by implementing proper mutex locking mechanisms to serialize access to mux-related settings. The fix involves adding a mutex lock to ensure sequential access to desc->pinmux data. The patch has been applied to Linux kernel versions 6.12.5 and later (Kernel Patch).