CVE-2024-50111: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BUG: sleeping function called from invalid context at arch/loongarch/kernel/access-helper.h:7 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, name: modprobe preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 129 Comm: modprobe Tainted: G W 6.12.0-rc1+ #1723 Tainted: [W]=WARN Stack : 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000 9000000105e0bc70 9000000105e0bc78 0000000000000000 0000000000000000 9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890 ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500 000000000000020c 000000000000000a 0000000000000000 0000000000000003 00000000000023f0 00000000000e1401 00000000072f8000 0000007ffbb0e260 0000000000000000 0000000000000000 9000000005437650 90000000055d5000 0000000000000000 0000000000000003 0000007ffbb0e1f0 0000000000000000 0000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec 00000000000000b0 0000000000000007 0000000000000003 0000000000071c1d ... Call Trace: [<9000000003803964>] show_stack+0x64/0x1a0 [<9000000004c57464>] dump_stack_lvl+0x74/0xb0 [<9000000003861ab4>] __might_resched+0x154/0x1a0 [<900000000380c96c>] emulate_load_store_insn+0x6c/0xf60 [<9000000004c58118>] do_ale+0x78/0x180 [<9000000003801bc8>] handle_ale+0x128/0x1e0 So enable IRQ if unaligned access exception is triggered in irq-enabled context to fix it.
AI Analysis
Technical Summary
CVE-2024-50111 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture. The issue arises when an unaligned access exception (ALE) is triggered in an interrupt request (IRQ)-enabled context, such as user mode. Under these conditions, the kernel function do_ale() may invoke get_user(), which can cause the kernel to sleep. Sleeping in an IRQ context is invalid and leads to a kernel BUG, as indicated by the error message: "BUG: sleeping function called from invalid context". This bug manifests because interrupts are disabled (irqs_disabled()=1) while the kernel attempts to perform an operation that may sleep, violating kernel context rules. The root cause is that IRQs are not re-enabled when handling the unaligned access exception in an IRQ-enabled context, leading to improper kernel behavior and potential system instability or crashes. The fix involves enabling IRQs when an unaligned access exception occurs in an IRQ-enabled context to prevent the kernel from sleeping while interrupts are disabled. This vulnerability is specific to the LoongArch CPU architecture support in the Linux kernel and was addressed in kernel version 6.12.0-rc1+ and related commits. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-50111 depends largely on the deployment of Linux systems running on LoongArch architecture processors. While LoongArch is a relatively new and less widespread architecture compared to x86 or ARM, its adoption may be growing in certain specialized sectors or research environments. The vulnerability can cause kernel panics or system crashes due to improper handling of unaligned memory accesses in IRQ contexts, leading to denial of service (DoS). This could disrupt critical services, especially in environments where Linux is used for embedded systems, industrial control, or specialized computing tasks. Although this vulnerability does not directly lead to privilege escalation or data leakage, the resulting instability could impact availability and operational continuity. European organizations relying on affected Linux kernel versions on LoongArch hardware should be aware of potential system reliability issues and plan for timely patching. Given the lack of known exploits, the immediate risk is moderate, but the potential for disruption in critical systems warrants attention.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-50111 as soon as they become available for your distribution or build. Monitor kernel updates from trusted sources and test patches in staging environments before production deployment. 2. For organizations using LoongArch-based systems, verify kernel versions and ensure they are updated to versions including the fix (post 6.12.0-rc1+). 3. Implement rigorous kernel crash monitoring and alerting to detect early signs of instability related to unaligned access exceptions. 4. If patching is delayed, consider isolating or limiting workloads on affected LoongArch systems to reduce exposure. 5. Engage with hardware and software vendors to confirm support and timely updates for LoongArch platforms. 6. Review kernel configuration and system usage patterns to minimize unaligned memory accesses in IRQ contexts, although this may require deep system-level changes and is less practical than patching. 7. Maintain comprehensive backups and disaster recovery plans to mitigate potential downtime caused by kernel crashes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
CVE-2024-50111: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BUG: sleeping function called from invalid context at arch/loongarch/kernel/access-helper.h:7 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, name: modprobe preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 129 Comm: modprobe Tainted: G W 6.12.0-rc1+ #1723 Tainted: [W]=WARN Stack : 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000 9000000105e0bc70 9000000105e0bc78 0000000000000000 0000000000000000 9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890 ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500 000000000000020c 000000000000000a 0000000000000000 0000000000000003 00000000000023f0 00000000000e1401 00000000072f8000 0000007ffbb0e260 0000000000000000 0000000000000000 9000000005437650 90000000055d5000 0000000000000000 0000000000000003 0000007ffbb0e1f0 0000000000000000 0000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec 00000000000000b0 0000000000000007 0000000000000003 0000000000071c1d ... Call Trace: [<9000000003803964>] show_stack+0x64/0x1a0 [<9000000004c57464>] dump_stack_lvl+0x74/0xb0 [<9000000003861ab4>] __might_resched+0x154/0x1a0 [<900000000380c96c>] emulate_load_store_insn+0x6c/0xf60 [<9000000004c58118>] do_ale+0x78/0x180 [<9000000003801bc8>] handle_ale+0x128/0x1e0 So enable IRQ if unaligned access exception is triggered in irq-enabled context to fix it.
AI-Powered Analysis
Technical Analysis
CVE-2024-50111 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture. The issue arises when an unaligned access exception (ALE) is triggered in an interrupt request (IRQ)-enabled context, such as user mode. Under these conditions, the kernel function do_ale() may invoke get_user(), which can cause the kernel to sleep. Sleeping in an IRQ context is invalid and leads to a kernel BUG, as indicated by the error message: "BUG: sleeping function called from invalid context". This bug manifests because interrupts are disabled (irqs_disabled()=1) while the kernel attempts to perform an operation that may sleep, violating kernel context rules. The root cause is that IRQs are not re-enabled when handling the unaligned access exception in an IRQ-enabled context, leading to improper kernel behavior and potential system instability or crashes. The fix involves enabling IRQs when an unaligned access exception occurs in an IRQ-enabled context to prevent the kernel from sleeping while interrupts are disabled. This vulnerability is specific to the LoongArch CPU architecture support in the Linux kernel and was addressed in kernel version 6.12.0-rc1+ and related commits. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-50111 depends largely on the deployment of Linux systems running on LoongArch architecture processors. While LoongArch is a relatively new and less widespread architecture compared to x86 or ARM, its adoption may be growing in certain specialized sectors or research environments. The vulnerability can cause kernel panics or system crashes due to improper handling of unaligned memory accesses in IRQ contexts, leading to denial of service (DoS). This could disrupt critical services, especially in environments where Linux is used for embedded systems, industrial control, or specialized computing tasks. Although this vulnerability does not directly lead to privilege escalation or data leakage, the resulting instability could impact availability and operational continuity. European organizations relying on affected Linux kernel versions on LoongArch hardware should be aware of potential system reliability issues and plan for timely patching. Given the lack of known exploits, the immediate risk is moderate, but the potential for disruption in critical systems warrants attention.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-50111 as soon as they become available for your distribution or build. Monitor kernel updates from trusted sources and test patches in staging environments before production deployment. 2. For organizations using LoongArch-based systems, verify kernel versions and ensure they are updated to versions including the fix (post 6.12.0-rc1+). 3. Implement rigorous kernel crash monitoring and alerting to detect early signs of instability related to unaligned access exceptions. 4. If patching is delayed, consider isolating or limiting workloads on affected LoongArch systems to reduce exposure. 5. Engage with hardware and software vendors to confirm support and timely updates for LoongArch platforms. 6. Review kernel configuration and system usage patterns to minimize unaligned memory accesses in IRQ contexts, although this may require deep system-level changes and is less practical than patching. 7. Maintain comprehensive backups and disaster recovery plans to mitigate potential downtime caused by kernel crashes.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T19:36:19.947Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbdff90
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:25:25 PM
Last updated: 8/14/2025, 5:23:46 PM
Views: 10
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.