
CVE-2024-50072: Vulnerability in the Linux kernel

Severity: Medium
Published: Tue Oct 29 2024 (10/29/2024, 00:50:14 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/bugs: Use code segment selector for VERW operand

Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call:

general protection fault: 0000 [#1] PREEMPT SMP
CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1
Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010
EIP: restore_all_switch_stack+0xbe/0xcf
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc
DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046
CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0
Call Trace:
 show_regs+0x70/0x78
 die_addr+0x29/0x70
 exc_general_protection+0x13c/0x348
 exc_bounds+0x98/0x98
 handle_exception+0x14d/0x14d
 exc_bounds+0x98/0x98
 restore_all_switch_stack+0xbe/0xcf
 exc_bounds+0x98/0x98
 restore_all_switch_stack+0xbe/0xcf

This only happens in 32-bit mode when VERW based mitigations like MDS/RFDS are enabled. This is because segment registers with an arbitrary user value can result in #GP when executing VERW. Intel SDM vol. 2C documents the following behavior for VERW instruction:

  #GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.

CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user space. Use %cs selector to reference VERW operand. This ensures VERW will not #GP for an arbitrary user %ds.

[ mingo: Fixed the SOB chain. ]

AI-Powered Analysis

Last updated: 06/27/2025, 21:55:24 UTC

Technical Analysis

CVE-2024-50072 is a vulnerability in the Linux kernel that affects 32-bit mode operation, observed when the dosemu software executed the vm86() system call. The root cause lies in the VERW instruction, which the kernel executes as part of its mitigations against speculative-execution side channels such as Microarchitectural Data Sampling (MDS) and Register File Data Sampling (RFDS). VERW takes a memory operand, and the Intel SDM specifies that it raises a general protection fault (#GP) if the operand's effective address lies outside the limit of the segment used to address it (CS, DS, ES, FS or GS). The kernel's CLEAR_CPU_BUFFERS macro executes VERW immediately before returning to user space, and its operand was addressed through the default data segment, so an arbitrary %ds value left by user space could make the instruction fault in 32-bit mode. The issue was reported by Robert Gill and manifests as a general protection fault on the return-to-user-space path, at restore_all_switch_stack. The fix references the VERW operand explicitly through the %cs selector, so the instruction no longer faults on whatever segment selectors user space has loaded. This prevents the kernel from crashing on its way back to user space and thereby improves system stability. The vulnerability is relevant only in 32-bit mode with VERW-based mitigations enabled and does not affect 64-bit mode. The affected Linux kernel versions are those prior to the fix. No exploits are known in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the impact of CVE-2024-50072 is confined to systems running 32-bit Linux kernels with VERW-based mitigations enabled, a relatively niche configuration given the widespread adoption of 64-bit systems. Legacy systems, embedded devices and specialized industrial control systems that still operate in 32-bit mode could, however, be affected. The vulnerability causes kernel crashes (general protection faults), which amount to a denial of service (DoS). This could disrupt critical services, especially in sectors that rely on legacy Linux environments such as manufacturing, telecommunications or government infrastructure. The vulnerability does not directly enable privilege escalation or code execution, but the resulting instability could be used to cause service interruptions or to facilitate further attacks by destabilizing the system. The absence of known exploits reduces the immediate risk, but unpatched systems remain exposed to accidental or deliberate triggering of the kernel fault. European organizations with strict uptime requirements or legacy Linux estates should prioritize patching to maintain operational continuity and security.

Mitigation Recommendations

1. Apply the official Linux kernel patch that modifies the VERW operand to use the %cs selector, ensuring that the kernel does not fault on arbitrary user segment registers. This patch is included in kernel versions released after the fix date (post-October 2024).
2. Audit and identify any 32-bit Linux systems in the environment, especially those running legacy or embedded applications, and prioritize their update or replacement with 64-bit systems where feasible.
3. For systems that cannot be immediately patched, consider disabling VERW-based mitigations if the security policy allows, understanding the trade-offs with speculative execution attack protections.
4. Implement robust monitoring for kernel crashes and general protection faults to detect potential exploitation attempts or accidental triggers of this vulnerability.
5. Engage with hardware and software vendors to ensure compatibility and support for updated kernels, particularly in embedded or industrial contexts common in European infrastructure.
6. Conduct thorough regression testing after patch deployment to ensure system stability and compatibility with existing applications.
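A triage helper for items 2 and 4 of the list above, added here as an example and not part of the advisory or of the kernel project: it decides from the uname -m value and the sysfs vulnerability files whether a host is in the affected configuration (32-bit x86 kernel with a VERW-based mitigation enabled), and scans kernel log lines for the oops signature quoted in the description. The sysfs file names and the "Clear CPU buffers" wording are the kernel's own; the sample inputs are constructed.

```python
"""Triage helpers for CVE-2024-50072: is a host in the affected configuration
(32-bit x86 kernel, VERW-based mitigation on), and does a log show the oops?"""
import re

# Signature from the advisory: a #GP whose EIP or call trace is on the
# return-to-user path, restore_all_switch_stack.
GP_RE = re.compile(r"general protection fault")
RETURN_PATH_RE = re.compile(r"\brestore_all_switch_stack\+0x[0-9a-f]+/0x[0-9a-f]+")
# uname -m values reported by a 32-bit x86 kernel (even on a 64-bit CPU).
X86_32_MACHINES = {"i386", "i486", "i586", "i686"}
# sysfs files under /sys/devices/system/cpu/vulnerabilities/ whose mitigation
# is VERW-based; the kernel reports it as "Mitigation: Clear CPU buffers".
VERW_VULN_FILES = ("mds", "reg_file_data_sampling")

def matches_verw_gp_signature(log_lines):
    """True once a #GP line was seen and that or a later line names
    restore_all_switch_stack, as in the oops quoted in the advisory."""
    seen_gp = False
    for line in log_lines:
        seen_gp = seen_gp or bool(GP_RE.search(line))
        if seen_gp and RETURN_PATH_RE.search(line):
            return True
    return False

def verw_mitigation_active(vuln_files):
    """vuln_files maps sysfs file name -> contents read from a live host."""
    return any("Clear CPU buffers" in vuln_files.get(name, "")
               for name in VERW_VULN_FILES)

def triage(machine, vuln_files, log_lines=()):
    """Combine the signals: in scope only on a 32-bit kernel with VERW on."""
    return {
        "affected_configuration": machine in X86_32_MACHINES
                                  and verw_mitigation_active(vuln_files),
        "crash_signature_seen": matches_verw_gp_signature(log_lines),
    }

# Constructed sample input: the advisory's oops, one field group per line.
SAMPLE_OOPS = [
    "general protection fault: 0000 [#1] PREEMPT SMP",
    "CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1",
    "EIP: restore_all_switch_stack+0xbe/0xcf",
    "Call Trace:",
    " exc_general_protection+0x13c/0x348",
    " restore_all_switch_stack+0xbe/0xcf",
]
SAMPLE_SYSFS = {"mds": "Mitigation: Clear CPU buffers; SMT vulnerable"}

if __name__ == "__main__":
    print(triage("i686", SAMPLE_SYSFS, SAMPLE_OOPS))
```

On a live host, populate vuln_files by reading the two sysfs files and pass the output of `uname -m`; a positive verdict means the host is in the affected configuration, not that the bug has been triggered.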


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.940Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED


Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 9:55:24 PM

Last updated: 8/4/2025, 7:13:00 PM
