LiveActive security incident?Get immediate response
CVE Record

CVE-2024-42095: serial: 8250_omap: Implementation of Errata i2310

In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue affects systems using the TI OMAP 8250 serial driver. A hardware erratum can cause an erroneous timeout interrupt; if the interrupt is not cleared, the system may experience an interrupt storm and availability impact.

Executive priority

Handle through normal-to-expedited kernel maintenance for affected embedded or appliance fleets. Escalate priority where devices are safety-critical, remote, or availability-sensitive.

Technical view

CVE-2024-42095 is a kernel-side fix in serial: 8250_omap implementing TI Errata i2310 handling. The vulnerable behavior is failure to clear an erroneous timeout interrupt, which may repeatedly fire. The provided record lists multiple Linux stable commits and a Debian LTS advisory.

Likely exposure

Likely exposure is specialized: Linux devices with affected kernel builds using the 8250_omap serial driver on relevant TI OMAP-compatible hardware. General Linux servers without that driver or hardware are less likely exposed.

Exploitation context

The provided bundle does not show KEV listing, active exploitation, public exploit use, CVSS, or CWE details. Treat this primarily as an availability risk until vendor advisories provide more evidence.

Researcher notes

Evidence is limited to the kernel fix description, stable commit references, and Debian LTS advisory. The affected-version data appears kernel-specific and should be reconciled against distribution package backports before declaring exposure.

Mitigation direction

  • Apply Linux kernel or distribution updates containing the referenced stable commits.
  • For Debian LTS systems, review and apply the referenced Debian advisory updates.
  • Prioritize embedded or edge systems using TI OMAP-compatible serial hardware.
  • If no update is available, follow vendor guidance and plan kernel maintenance.

Validation and detection

  • Inventory kernel versions against the affected and fixed versions in the CVE record.
  • Confirm whether the system uses the 8250_omap serial driver and relevant TI hardware.
  • Verify installed kernel packages include the Errata i2310 fix commits.
  • Review operational monitoring for unexplained interrupt storms or availability degradation.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-42095 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
8Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux9443acbd251f366804b20a27be72ba67df532cb1, b67e830d38fa9335d927fe67e812e3ed81b4689c, b67e830d38fa9335d927fe67e812e3ed81b4689c, b67e830d38fa9335d927fe67e812e3ed81b4689c, b67e830d38fa9335d927fe67e812e3ed81b4689c, b67e830d38fa9335d927fe67e812e3ed81b4689c, bf1bcca53c35a40976afbdd40aaea9424154f57b, ed87ec89b7f6071de06380a0216e6aa420eb9742, 5.10.50, 5.12.17, 5.13.2unaffected
LinuxLinux5.14, 0, 5.10.221, 5.15.162, 6.1.97, 6.6.37, 6.9.8, 6.10affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.