
CVE-2024-42150: Vulnerability in Linux Linux

High
Published: Tue Jul 30 2024 (07/30/2024, 07:46:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: remove separate irq request for MSI and INTx

When using MSI or INTx interrupts, request_irq() for pdev->irq will conflict with request_threaded_irq() for txgbe->misc.irq, to cause system crash. So remove txgbe_request_irq() for MSI/INTx case, and rename txgbe_request_msix_irqs() since it only request for queue irqs.

Add wx->misc_irq_domain to determine whether the driver creates an IRQ domain and threaded request the IRQs.

AI-Powered Analysis

Last updated: 06/27/2025, 20:42:16 UTC

Technical Analysis

CVE-2024-42150 is a vulnerability identified in the Linux kernel's network driver subsystem, specifically affecting the txgbe driver which handles Intel 10 Gigabit Ethernet adapters. The issue arises from improper handling of interrupt requests (IRQs) when using MSI (Message Signaled Interrupts) or INTx (legacy interrupt lines). The vulnerability is due to conflicting calls to request_irq() for the device's IRQ line (pdev->irq) and request_threaded_irq() for the txgbe->misc.irq. This conflict can cause the system to crash, leading to a denial of service (DoS) condition. The root cause is that the driver requests separate IRQs for MSI and INTx interrupts, which is unnecessary and causes conflicts. The fix involves removing the separate IRQ request for MSI/INTx cases and renaming the function txgbe_request_msix_irqs() to clarify that it only requests queue IRQs. Additionally, the patch introduces wx->misc_irq_domain to determine if the driver creates an IRQ domain and whether IRQs are requested in a threaded manner. This vulnerability affects specific Linux kernel versions identified by commit hashes, indicating it is a recent regression or bug. No known exploits are reported in the wild yet, and no CVSS score has been assigned. However, the vulnerability can cause system crashes, impacting availability of affected systems.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with Intel 10GbE network adapters using the txgbe driver. The impact is mainly on system availability due to potential crashes triggered by interrupt conflicts. This can disrupt critical network services, especially in data centers, cloud environments, and enterprise networks relying on high-speed Ethernet connectivity. Organizations in sectors such as finance, telecommunications, healthcare, and government could experience operational downtime, affecting service delivery and potentially causing financial and reputational damage. Since the vulnerability does not appear to allow privilege escalation or data compromise directly, confidentiality and integrity impacts are limited. However, denial of service in network infrastructure can indirectly affect security monitoring and incident response capabilities. The lack of known exploits reduces immediate risk, but the presence of a kernel-level bug means that attackers with local access or the ability to trigger the IRQ conflict could cause system instability.

Mitigation Recommendations

European organizations should promptly identify Linux systems running affected kernel versions with Intel 10GbE adapters using the txgbe driver. Applying the official Linux kernel patches that remove the conflicting IRQ requests is the primary mitigation. If patching is not immediately feasible, organizations should consider temporary workarounds such as disabling MSI or INTx interrupts if supported, or isolating affected systems from critical network segments to minimize impact. Monitoring system logs for IRQ-related errors or crashes can help detect attempts to trigger the vulnerability. Network administrators should also ensure that kernel updates are tested and deployed in a timely manner, especially in environments with high availability requirements. Additionally, organizations should maintain robust backup and recovery procedures to mitigate potential downtime. Coordination with hardware vendors for firmware updates or driver versions that incorporate the fix may also be necessary.
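
An inventory check for the identification step above, as an added example (not from the advisory or the kernel project): it lists interfaces bound to the txgbe driver through sysfs and reports whether each device is running in MSI-X, MSI or INTx mode, the last two being the modes the description names. The function names and output labels are assumptions of this example, and it does not test the kernel version because the page lists no version numbers.

```sh
#!/bin/sh
# Added example: list NICs bound to txgbe and their interrupt mode.
# The sysfs root is a parameter so the functions can run on a test tree.

# irq_mode DEVICE_DIR -> prints msix, msi or intx
irq_mode() {
    dev=$1
    mode=intx                       # no msi_irqs entries: legacy INTx line
    for f in "$dev"/msi_irqs/*; do
        [ -f "$f" ] || continue
        mode=$(cat "$f")            # sysfs stores "msi" or "msix" per vector
        break
    done
    printf '%s\n' "$mode"
}

# txgbe_inventory [SYSFS_ROOT] -> one line per txgbe interface:
#   <ifname> <irq-mode> <label>
# Labels (chosen for this example): cve-path = MSI or INTx, other-path = MSI-X
txgbe_inventory() {
    root=${1:-/sys}
    for nic in "$root"/class/net/*; do
        # Virtual interfaces (lo, bridges) have no device/driver link.
        [ -L "$nic/device/driver" ] || continue
        drv=$(basename "$(readlink "$nic/device/driver")")
        [ "$drv" = txgbe ] || continue
        m=$(irq_mode "$nic/device")
        case $m in
            msi|intx) label=cve-path ;;
            *)        label=other-path ;;
        esac
        printf '%s %s %s\n' "$(basename "$nic")" "$m" "$label"
    done
}

# Run against the live system when executed directly.
txgbe_inventory "$@"
```

Pair the output with `uname -r` and the distribution's kernel changelog to decide whether the fix is present on each listed host.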


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-29T15:50:41.191Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdcccd

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 8:42:16 PM

Last updated: 7/31/2025, 11:18:00 AM
