CVE-2024-42107 is a vulnerability identified in the Linux kernel's ice network driver, specifically related to the Precision Time Protocol (PTP) external timestamping feature. The issue arises from a race condition between the functions ice_ptp_extts_event() and ice_ptp_release(). When the PTP clock is disabled or released, the ice_ptp_extts_event() function may still be called due to an interrupt for an external timestamp event. This function attempts to call ptp_clock_event() with a NULL pointer because the PTP clock has already been released, leading to a NULL pointer dereference. The consequence of this dereference is a kernel panic, which causes the system to crash and become unavailable until rebooted. The root cause is the lack of a proper check in ice_ptp_extts_event() to verify the PTP state before proceeding. The fix involves modifying ice_ptp_extts_event() to check if the PTP clock is ready and to exit early if it is not, thereby preventing the NULL pointer dereference and subsequent kernel panic. This vulnerability affects Linux kernel versions containing the ice driver implementation prior to the patch and is relevant to systems using Intel Ethernet controllers supported by the ice driver with PTP enabled or disabled but still receiving external timestamp interrupts.

For European organizations, this vulnerability poses a risk primarily to servers and network infrastructure running Linux kernels with the ice driver, especially those utilizing PTP for precise time synchronization in critical environments such as telecommunications, finance, and industrial control systems. A kernel panic triggered by this vulnerability results in a denial of service (DoS), causing system downtime and potential disruption of time-sensitive operations. In sectors where high availability and precise timing are crucial, such as stock exchanges, telecom networks, and manufacturing plants, this could lead to operational delays, financial loss, and degraded service quality. Although the vulnerability does not appear to allow privilege escalation or data leakage, the availability impact can be significant. Since the vulnerability is triggered by an interrupt event, it could be exploited remotely if an attacker can induce external timestamp events or manipulate network traffic to cause the race condition. However, no known exploits are currently reported in the wild, reducing immediate risk but not eliminating the threat. The impact is heightened in environments where PTP is used extensively and where rapid recovery from kernel panics is challenging.

To mitigate this vulnerability, European organizations should promptly apply the official Linux kernel patches that address CVE-2024-42107 once available. In the interim, organizations can disable PTP external timestamping if it is not required, reducing the attack surface. Network administrators should monitor systems for unexpected kernel panics and investigate any occurrences related to the ice driver. Implementing robust system monitoring and automated reboot mechanisms can help reduce downtime caused by kernel panics. Additionally, organizations should review their use of the ice driver and consider updating to newer kernel versions that include the fix. For critical infrastructure, deploying redundant systems and failover mechanisms can minimize service disruption. Network segmentation and limiting access to systems with PTP enabled can also reduce the risk of exploitation. Finally, maintaining up-to-date intrusion detection systems and anomaly detection tools can help identify attempts to trigger this vulnerability.