CVE-2024-42095: serial: 8250_omap: Implementation of Errata i2310
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_omap: Implementation of Errata i2310
As per Errata i2310[0], Erroneous timeout can be triggered,
if this Erroneous interrupt is not cleared then it may leads
to storm of interrupts, therefore apply Errata i2310 solution.
[0] https://www.ti.com/lit/pdf/sprz536 page 23
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue affects systems using the TI OMAP 8250 serial driver. A hardware erratum can cause an erroneous timeout interrupt; if the interrupt is not cleared, the system may experience an interrupt storm and availability impact.
Executive priority
Handle through normal-to-expedited kernel maintenance for affected embedded or appliance fleets. Escalate priority where devices are safety-critical, remote, or availability-sensitive.
Technical view
CVE-2024-42095 is a kernel-side fix in serial: 8250_omap implementing TI Errata i2310 handling. The vulnerable behavior is failure to clear an erroneous timeout interrupt, which may repeatedly fire. The provided record lists multiple Linux stable commits and a Debian LTS advisory.
Likely exposure
Likely exposure is specialized: Linux devices with affected kernel builds using the 8250_omap serial driver on relevant TI OMAP-compatible hardware. General Linux servers without that driver or hardware are less likely exposed.
Exploitation context
The provided bundle does not show KEV listing, active exploitation, public exploit use, CVSS, or CWE details. Treat this primarily as an availability risk until vendor advisories provide more evidence.
Researcher notes
Evidence is limited to the kernel fix description, stable commit references, and Debian LTS advisory. The affected-version data appears kernel-specific and should be reconciled against distribution package backports before declaring exposure.
Mitigation direction
Apply Linux kernel or distribution updates containing the referenced stable commits.
For Debian LTS systems, review and apply the referenced Debian advisory updates.
Prioritize embedded or edge systems using TI OMAP-compatible serial hardware.
If no update is available, follow vendor guidance and plan kernel maintenance.
Validation and detection
Inventory kernel versions against the affected and fixed versions in the CVE record.
Confirm whether the system uses the 8250_omap serial driver and relevant TI hardware.
Verify installed kernel packages include the Errata i2310 fix commits.
Review operational monitoring for unexplained interrupt storms or availability degradation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-42095 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.