
CVE-2024-42247: Vulnerability in the Linux kernel

Medium
Published: Wed Aug 07 2024 (08/07/2024, 15:14:32 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wireguard: allowedips: avoid unaligned 64-bit memory accesses

On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location:

  Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)
  Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)

Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro.

[Jason: replace src[8] in original patch with src+8]

AI-Powered Analysis

Last updated: 06/29/2025, 06:12:04 UTC

Technical Analysis

CVE-2024-42247 is a vulnerability identified in the Linux kernel specifically affecting the WireGuard VPN implementation on the parisc (PA-RISC) platform. The issue arises from unaligned 64-bit memory accesses when handling IPv6 addresses in the allowedips component of WireGuard. On parisc architectures, which require aligned memory accesses, the kernel attempts to load a 128-bit IPv6 address from an unaligned memory location, triggering kernel warnings and potentially leading to undefined behavior. The root cause is that the swap_endian() function tries to load data without ensuring proper alignment, which is problematic on architectures like parisc that do not support unaligned memory access natively. The fix involves replacing the direct memory access with the get_unaligned_be64() helper macro, which safely handles unaligned 64-bit big-endian loads. This vulnerability is limited to a specific hardware architecture (parisc) and affects the WireGuard allowedips insertion code path in the Linux kernel. No known exploits are reported in the wild, and the vulnerability does not appear to allow direct privilege escalation or remote code execution but could cause kernel warnings or crashes due to improper memory access. The affected versions are specific Linux kernel commits identified by their hashes, indicating this is a recent and targeted fix. The vulnerability was published on August 7, 2024, and is currently in a published state without an assigned CVSS score.
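
The access pattern described above, as an added userspace illustration (not the kernel's code and not part of the original advisory): a byte-wise big-endian load stands in for get_unaligned_be64(), applied at src and src + 8. The helper names and the sample buffer are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's get_unaligned_be64(): build the value
 * one byte at a time, so no 64-bit load is ever issued on the pointer. */
static uint64_t load_be64_unaligned(const uint8_t *p)
{
    uint64_t v = 0;
    for (size_t i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Hypothetical helper: turn a 128-bit big-endian IPv6 address into two
 * host-order 64-bit words, reading from src and src + 8. */
static void ipv6_to_host_words(uint64_t dst[2], const uint8_t *src)
{
    dst[0] = load_be64_unaligned(src);
    dst[1] = load_be64_unaligned(src + 8);
}

/* Nonzero when a direct 64-bit load from addr would be unaligned. */
static int misaligned_for_u64(uintptr_t addr)
{
    return (addr & 7u) != 0;
}

/* Constructed sample: 2001:db8::1 stored 4 bytes into an 8-byte-aligned
 * buffer, so the address itself is only 4-byte aligned. */
static _Alignas(8) uint8_t sample_buf[24] = {
    0, 0, 0, 0,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0x01,
};

static const uint8_t *sample_addr(void) { return sample_buf + 4; }

int main(void)
{
    uint64_t w[2];
    ipv6_to_host_words(w, sample_addr());
    /* Both addresses in the logged warnings are 4-byte but not 8-byte aligned. */
    printf("0x55f4688c misaligned: %d\n", misaligned_for_u64(0x55f4688cu));
    printf("0x55f46884 misaligned: %d\n", misaligned_for_u64(0x55f46884u));
    printf("%016llx %016llx\n", (unsigned long long)w[0], (unsigned long long)w[1]);
    return 0;
}
```

The two addresses from the kernel warnings end in 0xc and 0x4: they are 4-byte aligned but not 8-byte aligned, which is why a 64-bit load traps on a strict-alignment CPU while the byte-wise load does not.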

Potential Impact

For European organizations, the impact of CVE-2024-42247 is generally low to medium, primarily depending on the use of the parisc platform and WireGuard VPN. The parisc architecture is relatively niche and uncommon in modern European IT infrastructures, which predominantly use x86_64 or ARM architectures. However, organizations that maintain legacy systems or specialized hardware running parisc Linux kernels with WireGuard enabled could experience kernel instability, warnings, or crashes, potentially leading to denial of service conditions on affected systems. This could disrupt VPN connectivity and impact secure communications. Since WireGuard is widely adopted for secure VPN tunnels, any instability in its kernel module could affect remote access and secure communications for affected systems. The vulnerability does not appear to allow privilege escalation or remote code execution, so confidentiality and integrity impacts are minimal. The main risk is availability degradation due to kernel faults. Given the lack of known exploits and the limited affected architecture, the threat to the broader European enterprise landscape is limited but should not be ignored in environments where parisc hardware is still in use.

Mitigation Recommendations

1. Apply the official Linux kernel patch that replaces unaligned memory accesses with the get_unaligned_be64() helper macro to ensure safe handling of IPv6 addresses in WireGuard on parisc platforms.
2. For organizations using parisc hardware, prioritize upgrading to the latest stable Linux kernel versions that include this fix.
3. Conduct an inventory to identify any legacy parisc systems running WireGuard and assess their exposure.
4. Implement kernel crash monitoring and alerting to detect any instability related to WireGuard allowedips processing.
5. If immediate patching is not feasible, consider disabling WireGuard on parisc systems temporarily to avoid kernel warnings and potential crashes.
6. Engage with hardware and OS vendors for support and guidance on maintaining secure and stable kernel versions on parisc platforms.
7. Regularly review kernel logs for unaligned access warnings that may indicate unpatched systems.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-30T07:40:12.254Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe1ce2

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 6:12:04 AM

Last updated: 8/16/2025, 4:14:22 PM
