CVE-2024-42301: Vulnerability in Linux Linux

High
Published: Sat Aug 17 2024 (08/17/2024, 09:09:08 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

dev/parport: fix the array out-of-bounds risk

Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed.

Below is the stack trace I encountered during the actual issue:

[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]
[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2
[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp
[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024
[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:
[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0
[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20
[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c
[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc
[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38
[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]

AI-Powered Analysis

Last updated: 06/29/2025, 06:56:52 UTC

Technical Analysis

CVE-2024-42301 is a vulnerability identified in the Linux kernel specifically within the parallel port driver subsystem (dev/parport). The root cause of the vulnerability is an array out-of-bounds condition triggered by the use of the unsafe sprintf function for copying data into a fixed-size buffer. This unsafe operation can lead to buffer overflow, which corrupts the kernel stack. The vulnerability was observed to cause kernel panics with stack protector failures, indicating stack corruption. The stack trace provided shows the failure occurs in the function do_hardware_base_addr within the parport driver, leading to a kernel panic and system crash. The vulnerability has been addressed by replacing sprintf with the safer snprintf function, which limits the number of characters copied and prevents buffer overflow. The affected Linux kernel versions are identified by a specific commit hash (1da177e4c3f41524e886b7f1b8a0c1fc7321cac2), indicating a particular code state before the fix. This vulnerability does not require user interaction but does require local code execution or kernel-level access to trigger. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability impacts system stability and availability by causing kernel panics and potential denial of service. It does not directly indicate privilege escalation or confidentiality breaches but could be leveraged as part of a larger attack chain. The vulnerability affects Linux kernel versions running on ARM64 architectures, as indicated by the stack trace from a Huawei QingYun device, suggesting relevance to embedded or specialized Linux deployments as well as general-purpose Linux systems using the parport driver.
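
The sprintf-to-snprintf change described above, shown as an added user-space C illustration (written for this page, not the kernel's parport source). The 20-byte buffer, the format string and the function names are assumptions chosen to show why a fixed stack buffer overflows and how the bounded call reports truncation instead.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

#define BUF_LEN 20        /* assumed size of the fixed stack buffer (illustrative) */
#define FMT "%lu\t%lu\n"  /* assumed format: two unsigned longs (illustrative) */

/* Bytes, including the NUL, that an unbounded sprintf(dst, FMT, ...) would
 * write. Measured with a NULL destination, so nothing is overflowed here. */
static int bytes_needed(unsigned long base, unsigned long base_hi)
{
    return snprintf(NULL, 0, FMT, base, base_hi) + 1;
}

/* Bounded copy: writes at most dst_len bytes, NUL-terminated when dst_len > 0.
 * Returns 0 if the whole string fit, 1 if it was truncated, -1 on error. */
static int format_base_addr(char *dst, size_t dst_len,
                            unsigned long base, unsigned long base_hi)
{
    int n = snprintf(dst, dst_len, FMT, base, base_hi);
    if (n < 0)
        return -1;
    return (size_t)n >= dst_len;
}

/* Length actually stored in a BUF_LEN-byte stack buffer after the bounded copy. */
static size_t stored_len(unsigned long base, unsigned long base_hi)
{
    char buf[BUF_LEN];
    format_base_addr(buf, sizeof(buf), base, base_hi);
    return strlen(buf);
}

int main(void)
{
    char buf[BUF_LEN];
    /* Constructed sample values: small port addresses fit, large ones do not. */
    unsigned long samples[][2] = { {0x378UL, 0x778UL}, {ULONG_MAX, ULONG_MAX} };

    for (size_t i = 0; i < 2; i++) {
        int t = format_base_addr(buf, sizeof(buf), samples[i][0], samples[i][1]);
        printf("need %d bytes, buffer %d, truncated=%d, stored %zu\n",
               bytes_needed(samples[i][0], samples[i][1]), BUF_LEN, t, strlen(buf));
    }
    return 0;
}
```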

Potential Impact

For European organizations, this vulnerability primarily threatens system availability and reliability. Organizations running Linux-based systems with the parallel port driver enabled—common in industrial control systems, embedded devices, and legacy hardware environments—may experience unexpected kernel panics leading to service disruptions or downtime. Critical infrastructure sectors such as manufacturing, telecommunications, and government agencies that rely on Linux systems for operational technology (OT) or specialized hardware interfaces could be particularly impacted. Although the vulnerability does not currently have known exploits, the risk of denial-of-service conditions could affect business continuity and operational resilience. Additionally, if attackers combine this vulnerability with other exploits, it could facilitate more severe attacks. The impact is heightened in environments where patching is slow or where systems run older kernel versions. Given the kernel-level nature of the flaw, recovery from crashes may require system reboots, potentially causing operational delays. Confidentiality and integrity impacts are limited based on current information, but availability degradation alone can have significant operational consequences in critical European sectors.

Mitigation Recommendations

European organizations should prioritize applying the official Linux kernel patch that replaces sprintf with snprintf in the parport driver to eliminate the buffer overflow risk. System administrators should audit their Linux kernel versions and update to the fixed version or later. For environments where immediate patching is not feasible, disabling the parallel port driver (parport) if not in use can mitigate exposure. Monitoring kernel logs for stack protector failures or kernel panics related to parport can provide early detection of exploitation attempts or instability. Organizations should also implement robust kernel crash recovery procedures and ensure backups and redundancy to minimize downtime. For embedded or specialized devices, coordinate with hardware vendors for firmware or kernel updates. Finally, maintain strict access controls to prevent unauthorized local code execution, as exploitation requires kernel-level access. Regular vulnerability scanning and compliance checks should include this CVE once patches are released.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-30T07:40:12.271Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe1ec2

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 6:56:52 AM

Last updated: 8/12/2025, 4:49:24 AM
