CVE-2024-50031: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop the active perfmon before being destroyed When running `kmscube` with one or more performance monitors enabled via `GALLIUM_HUD`, the following kernel panic can occur: [ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4 [ 55.008368] Mem abort info: [ 55.008377] ESR = 0x0000000096000005 [ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits [ 55.008402] SET = 0, FnV = 0 [ 55.008412] EA = 0, S1PTW = 0 [ 55.008421] FSC = 0x05: level 1 translation fault [ 55.008434] Data abort info: [ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000 [ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 55.008542] Modules linked in: rfcomm [...] vc4 v3d snd_soc_hdmi_codec drm_display_helper gpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight [ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1 [ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT) [ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608 [ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608 [ 55.008895] sp : ffffffc080673cf0 [ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28 [ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148 [ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38 [ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000 [ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90 [ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0 [ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04 [ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857 [ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470 [ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470 [ 55.013292] Call trace: [ 55.013959] __mutex_lock.constprop.0+0x90/0x608 [ 55.014646] __mutex_lock_slowpath+0x1c/0x30 [ 55.015317] mutex_lock+0x50/0x68 [ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d] [ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d] [ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched] [ 55.017921] kthread+0x11c/0x128 [ 55.018554] ret_from_fork+0x10/0x20 [ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401) [ 55.019776] ---[ end trace 0000000000000000 ]--- [ 55.020411] note: v3d_bin[166] exited with preempt_count 1 This issue arises because, upon closing the file descriptor (which happens when we interrupt `kmscube`), the active performance monitor is not stopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`, the active performance monitor's pointer (`v3d->active_perfmon`) is still retained. If `kmscube` is run again, the driver will attempt to stop the active performance monitor using the stale pointer in `v3d->active_perfmon`. However, this pointer is no longer valid because the previous process has already terminated, and all performance monitors associated with it have been destroyed and freed. To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it.
AI Analysis
Technical Summary
CVE-2024-50031 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the v3d driver used for 3D graphics on Broadcom VideoCore IV GPUs, such as those found in Raspberry Pi devices. The issue arises when running the `kmscube` application with one or more performance monitors enabled via the `GALLIUM_HUD` interface. The vulnerability is triggered by improper handling of active performance monitors during the lifecycle of the `kmscube` process. When the process is interrupted or terminated, the active performance monitor is not explicitly stopped before the file descriptor is closed and the associated resources are freed. This results in a stale pointer (`v3d->active_perfmon`) remaining in the driver. If `kmscube` is restarted, the driver attempts to stop the active performance monitor using this invalid pointer, leading to a kernel panic due to a null or invalid memory reference. The kernel panic manifests as an 'Oops' error with a level 1 translation fault, indicating a failure to handle a kernel paging request. The root cause is a missing explicit stop call for the active performance monitor before destruction and freeing of its resources. This flaw can cause system instability and denial of service (DoS) by crashing the kernel. The vulnerability affects Linux kernel versions including the commit referenced (26a4dc29b74a137f45665089f6d3d633fcc9b662) and is particularly relevant to systems running the v3d driver, such as Raspberry Pi 4 Model B devices. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The fix involves modifying the driver code to explicitly stop the active performance monitor before destroying it, preventing use-after-free conditions and kernel panics.
Potential Impact
For European organizations, the impact of CVE-2024-50031 primarily concerns systems using Linux kernels with the v3d driver, notably Raspberry Pi devices deployed in various roles such as IoT gateways, edge computing nodes, digital signage, or embedded systems. The vulnerability can cause kernel panics leading to system crashes and denial of service, potentially disrupting critical operations relying on these devices. While the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability can affect availability and operational continuity. Organizations using Raspberry Pi devices in production or industrial environments may experience service interruptions, increased maintenance overhead, and potential data loss if systems reboot unexpectedly. The impact is heightened in environments where unattended devices are deployed, as manual intervention may be required to restore service. Since the vulnerability requires running `kmscube` with performance monitors enabled—a scenario more common in development or diagnostic contexts—the risk to production systems may be lower but still present if similar workloads or monitoring tools are used. The lack of known exploits reduces immediate risk, but the vulnerability underscores the importance of kernel stability in embedded Linux deployments across Europe.
Mitigation Recommendations
To mitigate CVE-2024-50031, European organizations should: 1) Apply the latest Linux kernel updates that include the patch explicitly stopping the active performance monitor before destruction. Monitor Linux kernel mailing lists and vendor advisories for the patch release. 2) Avoid running `kmscube` or similar applications with performance monitors enabled in production environments, especially on Raspberry Pi or other devices using the v3d driver. 3) For development or testing environments where `kmscube` is used, ensure proper shutdown procedures are followed to prevent abrupt termination that leaves stale pointers. 4) Implement monitoring and alerting for kernel panics or unexpected reboots on affected devices to enable rapid response. 5) Consider isolating Raspberry Pi devices running vulnerable kernels from critical network segments to limit impact of potential DoS conditions. 6) Evaluate alternative GPU drivers or kernel configurations if feasible, to reduce reliance on the vulnerable v3d driver until patched. 7) Maintain robust backup and recovery procedures for systems running embedded Linux to minimize downtime caused by kernel crashes.
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
CVE-2024-50031: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop the active perfmon before being destroyed When running `kmscube` with one or more performance monitors enabled via `GALLIUM_HUD`, the following kernel panic can occur: [ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4 [ 55.008368] Mem abort info: [ 55.008377] ESR = 0x0000000096000005 [ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits [ 55.008402] SET = 0, FnV = 0 [ 55.008412] EA = 0, S1PTW = 0 [ 55.008421] FSC = 0x05: level 1 translation fault [ 55.008434] Data abort info: [ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000 [ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 55.008542] Modules linked in: rfcomm [...] vc4 v3d snd_soc_hdmi_codec drm_display_helper gpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight [ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1 [ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT) [ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608 [ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608 [ 55.008895] sp : ffffffc080673cf0 [ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28 [ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148 [ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38 [ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000 [ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90 [ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0 [ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04 [ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857 [ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470 [ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470 [ 55.013292] Call trace: [ 55.013959] __mutex_lock.constprop.0+0x90/0x608 [ 55.014646] __mutex_lock_slowpath+0x1c/0x30 [ 55.015317] mutex_lock+0x50/0x68 [ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d] [ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d] [ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched] [ 55.017921] kthread+0x11c/0x128 [ 55.018554] ret_from_fork+0x10/0x20 [ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401) [ 55.019776] ---[ end trace 0000000000000000 ]--- [ 55.020411] note: v3d_bin[166] exited with preempt_count 1 This issue arises because, upon closing the file descriptor (which happens when we interrupt `kmscube`), the active performance monitor is not stopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`, the active performance monitor's pointer (`v3d->active_perfmon`) is still retained. If `kmscube` is run again, the driver will attempt to stop the active performance monitor using the stale pointer in `v3d->active_perfmon`. However, this pointer is no longer valid because the previous process has already terminated, and all performance monitors associated with it have been destroyed and freed. To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it.
AI-Powered Analysis
Technical Analysis
CVE-2024-50031 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the v3d driver used for 3D graphics on Broadcom VideoCore IV GPUs, such as those found in Raspberry Pi devices. The issue arises when running the `kmscube` application with one or more performance monitors enabled via the `GALLIUM_HUD` interface. The vulnerability is triggered by improper handling of active performance monitors during the lifecycle of the `kmscube` process. When the process is interrupted or terminated, the active performance monitor is not explicitly stopped before the file descriptor is closed and the associated resources are freed. This results in a stale pointer (`v3d->active_perfmon`) remaining in the driver. If `kmscube` is restarted, the driver attempts to stop the active performance monitor using this invalid pointer, leading to a kernel panic due to a null or invalid memory reference. The kernel panic manifests as an 'Oops' error with a level 1 translation fault, indicating a failure to handle a kernel paging request. The root cause is a missing explicit stop call for the active performance monitor before destruction and freeing of its resources. This flaw can cause system instability and denial of service (DoS) by crashing the kernel. The vulnerability affects Linux kernel versions including the commit referenced (26a4dc29b74a137f45665089f6d3d633fcc9b662) and is particularly relevant to systems running the v3d driver, such as Raspberry Pi 4 Model B devices. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The fix involves modifying the driver code to explicitly stop the active performance monitor before destroying it, preventing use-after-free conditions and kernel panics.
Potential Impact
For European organizations, the impact of CVE-2024-50031 primarily concerns systems using Linux kernels with the v3d driver, notably Raspberry Pi devices deployed in various roles such as IoT gateways, edge computing nodes, digital signage, or embedded systems. The vulnerability can cause kernel panics leading to system crashes and denial of service, potentially disrupting critical operations relying on these devices. While the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability can affect availability and operational continuity. Organizations using Raspberry Pi devices in production or industrial environments may experience service interruptions, increased maintenance overhead, and potential data loss if systems reboot unexpectedly. The impact is heightened in environments where unattended devices are deployed, as manual intervention may be required to restore service. Since the vulnerability requires running `kmscube` with performance monitors enabled—a scenario more common in development or diagnostic contexts—the risk to production systems may be lower but still present if similar workloads or monitoring tools are used. The lack of known exploits reduces immediate risk, but the vulnerability underscores the importance of kernel stability in embedded Linux deployments across Europe.
Mitigation Recommendations
To mitigate CVE-2024-50031, European organizations should: 1) Apply the latest Linux kernel updates that include the patch explicitly stopping the active performance monitor before destruction. Monitor Linux kernel mailing lists and vendor advisories for the patch release. 2) Avoid running `kmscube` or similar applications with performance monitors enabled in production environments, especially on Raspberry Pi or other devices using the v3d driver. 3) For development or testing environments where `kmscube` is used, ensure proper shutdown procedures are followed to prevent abrupt termination that leaves stale pointers. 4) Implement monitoring and alerting for kernel panics or unexpected reboots on affected devices to enable rapid response. 5) Consider isolating Raspberry Pi devices running vulnerable kernels from critical network segments to limit impact of potential DoS conditions. 6) Evaluate alternative GPU drivers or kernel configurations if feasible, to reduce reliance on the vulnerable v3d driver until patched. 7) Maintain robust backup and recovery procedures for systems running embedded Linux to minimize downtime caused by kernel crashes.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T12:17:06.069Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9824c4522896dcbdfd5e
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 4:27:12 PM
Last updated: 8/18/2025, 11:32:14 PM
Views: 13
Related Threats
CVE-2025-52287: n/a
UnknownCVE-2025-55581: n/a
HighCVE-2025-52085: n/a
HighCVE-2025-43760: CWE-79: Cross-site Scripting in Liferay Portal
MediumCVE-2025-55613: n/a
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.