CVE-2024-42129

low-risk

Published 2024-07-30

In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (7)

Patch https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80

Patch https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51

Patch https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141

Patch https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16

Patch https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51

Patch https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal