CVE-2024-50079: Vulnerability in Linux

High
Published: Tue Oct 29 2024 (10/29/2024, 00:50:21 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work

When the sqpoll is exiting and cancels pending work items, it may need to run task_work. If this happens from within io_uring_cancel_generic(), then it may be under waiting for the io_uring_task waitqueue. This results in the below splat from the scheduler, as the ring mutex may be attempted grabbed while in a TASK_INTERRUPTIBLE state.

Ensure that the task state is set appropriately for that, just like what is done for the other cases in io_run_task_work().

do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000029387fd2>] prepare_to_wait+0x88/0x2fc
WARNING: CPU: 6 PID: 59939 at kernel/sched/core.c:8561 __might_sleep+0xf4/0x140
Modules linked in:
CPU: 6 UID: 0 PID: 59939 Comm: iou-sqp-59938 Not tainted 6.12.0-rc3-00113-g8d020023b155 #7456
Hardware name: linux,dummy-virt (DT)
pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : __might_sleep+0xf4/0x140
lr : __might_sleep+0xf4/0x140
sp : ffff80008c5e7830
x29: ffff80008c5e7830 x28: ffff0000d93088c0 x27: ffff60001c2d7230
x26: dfff800000000000 x25: ffff0000e16b9180 x24: ffff80008c5e7a50
x23: 1ffff000118bcf4a x22: ffff0000e16b9180 x21: ffff0000e16b9180
x20: 000000000000011b x19: ffff80008310fac0 x18: 1ffff000118bcd90
x17: 30303c5b20746120 x16: 74657320313d6574 x15: 0720072007200720
x14: 0720072007200720 x13: 0720072007200720 x12: ffff600036c64f0b
x11: 1fffe00036c64f0a x10: ffff600036c64f0a x9 : dfff800000000000
x8 : 00009fffc939b0f6 x7 : ffff0001b6327853 x6 : 0000000000000001
x5 : ffff0001b6327850 x4 : ffff600036c64f0b x3 : ffff8000803c35bc
x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000e16b9180
Call trace:
 __might_sleep+0xf4/0x140
 mutex_lock+0x84/0x124
 io_handle_tw_list+0xf4/0x260
 tctx_task_work_run+0x94/0x340
 io_run_task_work+0x1ec/0x3c0
 io_uring_cancel_generic+0x364/0x524
 io_sq_thread+0x820/0x124c
 ret_from_fork+0x10/0x20

AI-Powered Analysis

Last updated: 06/28/2025, 16:57:23 UTC

Technical Analysis

CVE-2024-50079 is a vulnerability in the Linux kernel's io_uring subsystem, specifically in the sqpoll (submission queue polling) feature. When the sqpoll thread is exiting and cancels pending work items, it may need to run task_work. If this cancellation happens within io_uring_cancel_generic(), the thread may be waiting on the io_uring_task waitqueue, so the ring mutex can be taken while the task is in the TASK_INTERRUPTIBLE state rather than the required TASK_RUNNING state. The kernel expects blocking operations to be performed only when the task state is TASK_RUNNING, to avoid deadlocks or kernel panics. The vulnerability manifests as a kernel warning (splat) and potential crash caused by improper task state management around the mutex lock. The stack trace shows that the warning is raised in __might_sleep(), a kernel debugging helper that warns when a blocking operation is attempted in an invalid context.

This flaw can cause system instability or denial of service by crashing the kernel or causing unpredictable behavior on systems that use io_uring with sqpoll enabled. The vulnerability affects Linux kernel versions around 6.12.0-rc3 and potentially others containing the affected commits. No known exploits are reported in the wild yet, and no CVSS score has been assigned. The root cause is a missing state transition to TASK_RUNNING before running task_work during cancellation. The fix ensures the task state is set correctly, mirroring the handling in the other io_uring task_work execution paths.

Potential Impact

For European organizations relying on Linux servers, especially those using io_uring with sqpoll enabled for high-performance asynchronous I/O operations, this vulnerability poses a risk of kernel crashes leading to denial of service. This can affect critical infrastructure, cloud services, and enterprise environments where Linux is prevalent. The impact is primarily on system availability and stability, potentially causing service interruptions. While no direct remote code execution or privilege escalation is indicated, the kernel panic could be triggered by local processes or workloads that interact with io_uring's sqpoll feature, which might be exploited by malicious insiders or compromised applications. Organizations running containerized workloads, cloud platforms, or high-performance computing clusters on Linux kernels in the affected versions could experience outages or degraded performance. Given the kernel-level nature of the flaw, recovery may require system reboots and patching, impacting operational continuity. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation or accidental crashes.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Since the issue is related to kernel task state management in io_uring sqpoll, applying the official Linux kernel patches or upgrading to a stable kernel release post-6.12.0-rc3 that includes the fix is essential. For environments where immediate kernel upgrades are challenging, disabling the sqpoll feature in io_uring can mitigate the risk, as the vulnerability is specific to the sqpoll exit path. System administrators should audit their use of io_uring and sqpoll, especially in performance-critical applications, and consider fallback mechanisms or alternative asynchronous I/O methods until patched. Monitoring kernel logs for __might_sleep warnings or related kernel panics can help detect attempts to trigger the issue. Additionally, restricting untrusted local users' ability to invoke io_uring operations or limiting access to vulnerable kernel features can reduce exploitation likelihood. Incorporating kernel live patching solutions where available may also provide a rapid mitigation path without full system reboots.
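
The log monitoring recommended above can key on the call trace from this CVE's description rather than on every __might_sleep warning. The following is an added example, not part of the original advisory or of the kernel project; the function name find_sqpoll_splats and the dmesg-style timestamps in the sample are assumptions, and it goes slightly beyond the exact trace by tolerating extra frames between the signature functions.

```python
import re

MARKER = "do not call blocking ops when !TASK_RUNNING"
# Frames from the call trace in the CVE description, innermost first.
SIGNATURE = ["__might_sleep", "mutex_lock", "io_run_task_work",
             "io_uring_cancel_generic", "io_sq_thread"]
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp prefix
TASK_RE = re.compile(r"PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+\S*)")
FRAME_RE = re.compile(r"^\s*(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_sqpoll_splats(lines):
    """Return one dict per !TASK_RUNNING warning whose trace fits SIGNATURE."""
    hits, cur, in_trace = [], None, False
    for raw in list(lines) + [""]:  # trailing "" flushes a trace at end of input
        line = TS_RE.sub("", raw.rstrip("\n"))
        if in_trace:
            frame = FRAME_RE.match(line)
            if frame:
                cur["frames"].append(frame.group(1))
                continue
            # Trace ended: SIGNATURE must appear in order, gaps allowed.
            it = iter(cur["frames"])
            if all(name in it for name in SIGNATURE):
                hits.append(cur)
            cur, in_trace = None, False
        if MARKER in line:
            cur = {"pid": None, "comm": None, "kernel": None, "frames": []}
        elif cur is None:
            continue
        elif line.strip().lower().startswith("call trace"):
            in_trace = True
        elif (task := TASK_RE.search(line)) and cur["pid"] is None:
            cur["pid"], cur["comm"], cur["kernel"] = int(task[1]), task[2], task[3]
    return hits

# Constructed input: the splat from the description with dmesg-style timestamps added.
SAMPLE = """\
[  812.100001] do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000029387fd2>] prepare_to_wait+0x88/0x2fc
[  812.100002] CPU: 6 UID: 0 PID: 59939 Comm: iou-sqp-59938 Not tainted 6.12.0-rc3-00113-g8d020023b155 #7456
[  812.100003] Call trace:
[  812.100004]  __might_sleep+0xf4/0x140
[  812.100005]  mutex_lock+0x84/0x124
[  812.100006]  io_handle_tw_list+0xf4/0x260
[  812.100007]  tctx_task_work_run+0x94/0x340
[  812.100008]  io_run_task_work+0x1ec/0x3c0
[  812.100009]  io_uring_cancel_generic+0x364/0x524
[  812.100010]  io_sq_thread+0x820/0x124c
[  812.100011]  ret_from_fork+0x10/0x20
"""
```

Feed it `dmesg` output split into lines. The warning is only emitted by kernels built with CONFIG_DEBUG_ATOMIC_SLEEP, so an empty result on a production kernel does not show that the host is patched.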


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.941Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdfe98

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 4:57:23 PM

Last updated: 7/25/2025, 5:23:50 AM
