CVE-2024-50122: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

PCI: Hold rescan lock while adding devices during host probe

Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and host controller probe functions. The latter need to take the rescan lock when adding devices or we may end up in an undefined state having two incompletely added devices and hit the following crash when trying to remove the device over sysfs:

  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
  Internal error: Oops: 0000000096000004 [#1] SMP
  Call trace:
    __pi_strlen+0x14/0x150
    kernfs_find_ns+0x80/0x13c
    kernfs_remove_by_name_ns+0x54/0xf0
    sysfs_remove_bin_file+0x24/0x34
    pci_remove_resource_files+0x3c/0x84
    pci_remove_sysfs_dev_files+0x28/0x38
    pci_stop_bus_device+0x8c/0xd8
    pci_stop_bus_device+0x40/0xd8
    pci_stop_and_remove_bus_device_locked+0x28/0x48
    remove_store+0x70/0xb0
    dev_attr_store+0x20/0x38
    sysfs_kf_write+0x58/0x78
    kernfs_fop_write_iter+0xe8/0x184
    vfs_write+0x2dc/0x308
    ksys_write+0x7c/0xec
AI Analysis
Technical Summary
CVE-2024-50122 is a vulnerability identified in the Linux kernel related to the PCI (Peripheral Component Interconnect) subsystem, specifically involving the handling of device rescanning during host controller probing. The root cause stems from a race condition introduced after the addition of PCI power control code. This race occurs between the power control platform device (pwrctl) rescanning the PCI bus and the host controller's probe functions. The host controller probe functions are responsible for adding devices to the system and must hold a rescan lock to ensure synchronization. Failure to hold this lock can lead to an undefined state where two devices are incompletely added simultaneously.

This inconsistent state can cause a kernel crash when attempting to remove a device via sysfs, the virtual filesystem interface for device management. The crash is characterized by a NULL pointer dereference at a zero virtual address, resulting in an 'Oops' kernel panic. The stack trace indicates the fault occurs during sysfs file removal operations related to PCI device resource files. This vulnerability affects Linux kernel versions identified by the commit hash 4565d2652a37e438e4cd729e2a8dfeffe34c958c.

Although no known exploits are currently reported in the wild, the issue is significant because it can cause system instability and denial of service (DoS) due to kernel crashes. The vulnerability does not require user interaction but involves kernel-level operations, implying that exploitation would likely require local privileges or specific conditions triggering device rescanning and removal. The absence of a CVSS score suggests this is a recently published issue, and the Linux community has acknowledged it with a patch to hold the rescan lock properly during device addition to prevent the race condition and subsequent crash.
Potential Impact
For European organizations, the impact of CVE-2024-50122 primarily revolves around system stability and availability. Linux is widely used in enterprise environments across Europe, including servers, cloud infrastructure, and embedded systems. A kernel crash caused by this vulnerability could lead to unexpected downtime, disrupting critical services and operations. This is particularly concerning for sectors relying heavily on Linux-based infrastructure, such as finance, telecommunications, manufacturing, and public services. The vulnerability could be exploited to cause denial of service by triggering the race condition, potentially impacting data centers and cloud providers hosting European customers. While there is no indication of data confidentiality or integrity compromise, the availability impact alone can have significant operational and financial consequences. Additionally, organizations using Linux in embedded or industrial control systems may face safety risks if devices suddenly crash. The lack of known exploits reduces immediate risk, but the vulnerability's nature means it could be targeted once widely known, especially in environments where PCI device hot-plugging or rescanning is common. Therefore, European organizations must prioritize patching to maintain system reliability and avoid service interruptions.
Mitigation Recommendations
To mitigate CVE-2024-50122, European organizations should:
1) Apply the official Linux kernel patches that address the race condition by ensuring the rescan lock is held during device addition in the PCI subsystem. Monitoring Linux kernel mailing lists and vendor advisories for updated kernel releases is essential.
2) For systems where immediate patching is not feasible, consider disabling PCI device hot-plugging or rescanning features temporarily to reduce the likelihood of triggering the race condition.
3) Implement robust monitoring of kernel logs and sysfs operations to detect early signs of device addition/removal failures or kernel warnings that could precede crashes.
4) Use kernel crash dump tools (kdump) to capture crash data for forensic analysis and to verify patch effectiveness.
5) In virtualized environments, coordinate with hypervisor vendors to ensure that guest Linux kernels are updated and that PCI device passthrough or hot-plug features are managed carefully.
6) Conduct thorough testing of kernel updates in staging environments to confirm stability before deployment in production.
7) Maintain strict access controls to limit local user privileges, as exploitation would likely require local access to trigger device rescanning and removal operations.
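For the kernel-log monitoring in recommendation 3, the following added example (not code from this advisory or from the kernel project) splits kernel log text into NULL-dereference reports and flags those whose call trace contains, in order, the PCI sysfs-removal frames quoted in the description. The function names are chosen here, and the sample log's timestamps and its unrelated first report are constructed.

```python
import re

# Frames from the call trace quoted in the advisory, innermost first.
SIGNATURE = ("kernfs_find_ns", "pci_remove_resource_files",
             "pci_remove_sysfs_dev_files",
             "pci_stop_and_remove_bus_device_locked", "remove_store")
NULL_DEREF = re.compile(r"Unable to handle kernel NULL pointer dereference")
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def split_crash_reports(log_text):
    """Yield (start_line, frames) for each NULL-dereference report."""
    start, frames = None, []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if NULL_DEREF.search(line):
            if start is not None:
                yield start, frames
            start, frames = lineno, []
        elif start is not None and (m := FRAME.search(line)):
            frames.append(m.group(1))
    if start is not None:
        yield start, frames

def is_subsequence(needles, haystack):
    """True if needles occur in haystack in the same relative order."""
    it = iter(haystack)
    return all(n in it for n in needles)

def find_rescan_race_oops(log_text):
    """Return start lines of reports whose trace matches the advisory's."""
    return [start for start, frames in split_crash_reports(log_text)
            if is_subsequence(SIGNATURE, frames)]

# Constructed sample: timestamps and the first (unrelated) report are invented;
# the second report's messages and frames are those quoted in the advisory.
SAMPLE_LOG = """\
[   41.100000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[   41.100100] Call trace:
[   41.100110]  example_driver_read+0x1c/0x40
[   52.300000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[   52.300100] Internal error: Oops: 0000000096000004 [#1] SMP
[   52.300200] Call trace:
[   52.300210]  __pi_strlen+0x14/0x150
[   52.300220]  kernfs_find_ns+0x80/0x13c
[   52.300230]  pci_remove_resource_files+0x3c/0x84
[   52.300240]  pci_remove_sysfs_dev_files+0x28/0x38
[   52.300250]  pci_stop_bus_device+0x8c/0xd8
[   52.300260]  pci_stop_and_remove_bus_device_locked+0x28/0x48
[   52.300270]  remove_store+0x70/0xb0
"""
```

Pass it the text of `dmesg` or `journalctl -k`. A match identifies the crash signature only and says nothing about whether the running kernel carries the fix.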
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T19:36:19.954Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbdfffc
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:27:24 PM
Last updated: 8/12/2025, 5:37:42 AM