CVE-2024-50097 is a vulnerability identified in the Linux kernel's handling of the Fast Ethernet Controller (FEC) driver, specifically related to the Precision Time Protocol (PTP) state management. The issue arises on certain platforms, such as the i.MX25 and i.MX27, which do not support PTP. In these cases, the fec_ptp_init() function is not invoked, leaving related data structures uninitialized. However, the kernel still calls fec_ptp_save_state() unconditionally, which attempts to save the PTP state despite its absence. This results in a kernel panic, causing the system to crash. The root cause is a missing conditional check before calling fec_ptp_save_state(), which should only be executed if PTP support is present. The vulnerability leads to a denial-of-service (DoS) condition by crashing the kernel on affected systems. The fix involves adding a condition to prevent fec_ptp_save_state() from being called when PTP is unsupported. This vulnerability affects specific Linux kernel versions identified by certain commit hashes and was published on November 5, 2024. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.

For European organizations, the primary impact of CVE-2024-50097 is a potential denial-of-service condition on Linux systems running on affected hardware platforms, particularly those using i.MX25 and i.MX27 processors or similar architectures that lack PTP support. This could disrupt critical infrastructure or embedded systems that rely on these platforms, such as industrial control systems, telecommunications equipment, or IoT devices. The kernel panic caused by this vulnerability could lead to system downtime, loss of availability, and potential operational disruptions. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact could be significant in environments where uptime is critical. European organizations using embedded Linux systems in manufacturing, transportation, or telecommunications sectors should be particularly vigilant. Since no exploits are currently known, the risk of active attacks is low but could increase if attackers develop exploits targeting this flaw.

To mitigate this vulnerability, European organizations should: 1) Identify Linux systems running on affected platforms (e.g., i.MX25, i.MX27) or similar hardware lacking PTP support. 2) Apply the latest Linux kernel patches or updates that include the fix for CVE-2024-50097 as soon as they become available. 3) For embedded or specialized devices where kernel updates are not straightforward, coordinate with device vendors or maintainers to obtain patched firmware or kernel versions. 4) Implement monitoring to detect kernel panics or unexpected reboots that could indicate exploitation attempts or triggering of this vulnerability. 5) In environments where patching is delayed, consider isolating affected devices from critical networks to reduce impact. 6) Review system logs and incident response plans to prepare for potential denial-of-service incidents related to this vulnerability. 7) Engage with hardware and software suppliers to ensure ongoing support and timely patching for embedded Linux systems.