CVE-2024-49955 is a vulnerability identified in the Linux kernel's ACPI battery management subsystem. The issue arises when a battery hook, which is a callback mechanism used to manage battery-related events, returns an error during the addition of a new battery. In such cases, the battery hook is automatically unregistered by the kernel. However, the battery hook provider remains unaware of this automatic unregistration and may subsequently attempt to unregister the same battery hook again by calling battery_hook_unregister(). This results in a double unregistration attempt on an already unregistered battery hook, causing a kernel crash. The root cause is a lack of synchronization and state tracking for the battery hook's registration status. The fix implemented involves marking battery hooks that have already been unregistered using the list head data structure, allowing subsequent unregister calls to detect and ignore these redundant operations, thereby preventing the crash. This vulnerability affects Linux kernel versions identified by the commit hash fa93854f7a7ed63d054405bf3779247d5300edd3 and potentially other versions prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability primarily impacts system stability and availability due to the potential for kernel crashes triggered by battery hook management errors.

For European organizations, the primary impact of CVE-2024-49955 is on system availability and reliability. Linux is widely used across European enterprises, government agencies, and critical infrastructure, often powering servers, embedded systems, and workstations. A kernel crash caused by this vulnerability could lead to unexpected system reboots or downtime, disrupting business operations, especially in environments relying on battery-powered devices or systems that interact with battery management subsystems (e.g., laptops, mobile devices, embedded industrial equipment). Although this vulnerability does not directly expose confidentiality or integrity risks, the resulting denial of service could affect operational continuity. In sectors such as healthcare, finance, manufacturing, and public services, where Linux-based systems are integral, such disruptions could have cascading effects on service delivery and compliance with regulatory uptime requirements. Furthermore, while no exploits are known, the vulnerability could be leveraged in targeted attacks aiming to cause system instability or to facilitate further exploitation by causing predictable crashes.

To mitigate CVE-2024-49955, European organizations should prioritize updating their Linux kernel to the patched version that includes the fix for this battery hook unregistration issue. Kernel updates should be tested in staging environments to ensure compatibility and stability before deployment in production. Organizations should also audit their systems to identify devices and servers that utilize ACPI battery hooks, particularly laptops, embedded systems, and battery-dependent infrastructure. Monitoring system logs for kernel crashes related to battery management can help detect attempts to trigger this vulnerability. For environments where immediate patching is not feasible, implementing kernel crash recovery mechanisms and ensuring robust backup and failover strategies can reduce downtime impact. Additionally, organizations should maintain strict control over software and driver updates that interact with battery hooks to prevent inadvertent triggering of the vulnerability. Engaging with Linux distribution vendors and subscribing to security advisories will ensure timely awareness and application of relevant patches.