
CVE-2024-42140: Vulnerability in Linux Linux

Medium
Published: Tue Jul 30 2024 (07/30/2024, 07:46:34 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: kexec: Avoid deadlock in kexec crash path

If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function.

Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use. So we simply remove it.

AI-Powered Analysis

Last updated: 06/27/2025, 20:41:51 UTC

Technical Analysis

CVE-2024-42140 is a vulnerability identified in the Linux kernel specifically affecting the RISC-V architecture's kexec crash path. The issue arises when the kexec crash code is invoked within an interrupt context. In this scenario, the function machine_kexec_mask_interrupts() attempts to acquire the irqdesc spinlock and subsequently deactivate the irqchip via irq_set_irqchip_state(). This sequence leads to a deadlock because the irqdesc spinlock cannot be acquired while already in the interrupt context, causing the system to hang. The root cause is that, unlike the arm64 architecture, RISC-V only requires the irq_eoi handler to complete the End Of Interrupt (EOI) process. The presence of irq_set_irqchip_state() in the RISC-V kexec crash path is unnecessary and introduces the deadlock risk. The vulnerability is addressed by removing the call to irq_set_irqchip_state() in the RISC-V kexec crash path, thus preventing the deadlock condition. This vulnerability affects specific Linux kernel versions identified by their commit hashes, indicating it is present in certain recent kernel builds prior to the fix. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, impacting kernel interrupt handling during crash recovery on RISC-V systems.

Potential Impact

For European organizations, the impact of CVE-2024-42140 depends largely on their use of Linux systems running on RISC-V architecture. RISC-V is an emerging open-source hardware architecture gaining traction in embedded systems, IoT devices, and some specialized computing environments. Organizations using RISC-V based Linux systems could experience system hangs or deadlocks during kernel crash recovery if this vulnerability is triggered, potentially leading to denial of service conditions. This could affect critical infrastructure or industrial control systems relying on RISC-V Linux platforms, causing operational disruptions. However, the impact is limited to systems that invoke the kexec crash path in interrupt context, which is a relatively rare and specific condition. Since no known exploits exist, the immediate risk is low, but the vulnerability poses a reliability and availability risk for affected systems. European organizations involved in RISC-V development, research, or deployment in critical sectors should be particularly attentive to this issue.

Mitigation Recommendations

To mitigate CVE-2024-42140, European organizations should:

1) Apply the latest Linux kernel patches that remove the problematic irq_set_irqchip_state() call in the RISC-V kexec crash path as soon as they become available.
2) For systems where immediate patching is not feasible, consider disabling kexec crash functionality on RISC-V systems if it is not required, to avoid triggering the deadlock.
3) Monitor kernel crash logs and system stability closely on RISC-V Linux systems to detect any signs of deadlock or hang during crash recovery.
4) Engage with Linux kernel maintainers or vendors to ensure timely updates and backports for RISC-V kernel fixes.
5) For critical deployments, conduct thorough testing of kernel crash recovery paths under controlled conditions to verify system behavior post-patch.
6) Maintain robust backup and recovery procedures to minimize downtime in case of system hangs.

These steps go beyond generic advice by focusing on architecture-specific mitigation and operational monitoring tailored to the vulnerability's nature.
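As an added example (not part of the advisory or the kernel project), the script below triages a host for the precondition behind recommendations 1 and 2: a RISC-V machine with a crash kernel loaded. It assumes the standard Linux interfaces `/sys/kernel/kexec_crash_loaded` and `/proc/cmdline`; the function names and status words are illustrative, and it cannot tell whether the running kernel already carries the fix, since the page lists no fixed versions.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for exposure to the
# RISC-V kexec crash-path deadlock described in CVE-2024-42140.

# is_riscv ARCH: succeed if ARCH is a RISC-V machine name from `uname -m`.
is_riscv() {
    case "$1" in
        riscv32|riscv64) return 0 ;;
        *) return 1 ;;
    esac
}

# crash_kernel_loaded FILE: succeed if the kexec_crash_loaded flag reads 1.
crash_kernel_loaded() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# crashkernel_reserved FILE: succeed if the boot command line carries a
# crashkernel= parameter (memory set aside for a crash kernel).
crashkernel_reserved() {
    [ -r "$1" ] && tr ' ' '\n' < "$1" | grep -q '^crashkernel='
}

# assess ARCH LOADED_FLAG CMDLINE: print one status word.
#   not-applicable  not a RISC-V host
#   armed           crash kernel loaded, so the crash path can run on panic
#   reserved-only   memory reserved but no crash kernel loaded right now
#   inactive        kexec crash functionality not in use
assess() {
    if ! is_riscv "$1"; then
        echo "not-applicable"
    elif crash_kernel_loaded "$2"; then
        echo "armed"
    elif crashkernel_reserved "$3"; then
        echo "reserved-only"
    else
        echo "inactive"
    fi
}

# Live check using the standard Linux paths.
status=$(assess "$(uname -m)" /sys/kernel/kexec_crash_loaded /proc/cmdline)
echo "CVE-2024-42140 crash-path exposure: $status"
```

Hosts reported as `armed` are the ones to prioritize for patching or for disabling the crash kernel; `reserved-only` hosts become `armed` once a kdump service loads a crash kernel.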


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-29T15:50:41.189Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdccad

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 8:41:51 PM

Last updated: 8/15/2025, 12:59:26 AM
