CVE-2024-50141: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1]. Since the PRM handler is a type of runtime service, this causes an exception when the PRM handler is called. [Firmware Bug]: Unable to handle paging request in EFI runtime service WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0x11c/0x170 Call trace: Let PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM context. If no suitable block is found, a warning message will be printed, but the procedure continues to manage the next PRM handler. However, if the PRM handler is actually called without proper allocation, it would result in a failure during error handling. By using the correct memory types for runtime services, ensure that the PRM handler and the context are properly mapped in the virtual address space during runtime, preventing the paging request error. The issue is really that only memory that has been remapped for runtime by the firmware can be used by the PRM handler, and so the region needs to have the EFI_MEMORY_RUNTIME attribute. [ rjw: Subject and changelog edits ]
AI Analysis
Technical Summary
CVE-2024-50141 is a vulnerability identified in the Linux kernel related to the handling of ACPI Platform Runtime Mechanism (PRM) within the EFI (Extensible Firmware Interface) runtime services context. The issue arises because the PRMT (Platform Runtime Mechanism Table) incorrectly identifies a memory block of type EFI_CONVENTIONAL_MEMORY instead of EFI_MEMORY_RUNTIME when mapping physical to virtual addresses for PRM handlers and their contexts. According to the UEFI Specification, runtime services must operate on memory regions marked with the EFI_MEMORY_RUNTIME attribute to ensure proper virtual address mapping during runtime. Using an incorrect memory type leads to exceptions and paging errors when the PRM handler is invoked, as the memory region is not properly remapped for runtime use by the firmware. This manifests as kernel warnings and potential failures in error handling during runtime service calls. The vulnerability is rooted in firmware memory management and kernel interaction, specifically in the file drivers/firmware/efi/runtime-wrappers.c. The fix involves ensuring that the PRMT locates and uses memory blocks with the EFI_MEMORY_RUNTIME attribute for PRM handlers and contexts, preventing paging faults and maintaining stable runtime service operation. If no suitable EFI_MEMORY_RUNTIME block is found, the kernel logs a warning but continues processing other handlers, reducing the risk of a complete system failure. This vulnerability does not currently have known exploits in the wild and lacks a CVSS score, but it affects Linux kernel versions identified by the commit cefc7ca46235f01d5233e3abd4b79452af01d9e9 and similar revisions. The issue is technical and low-level, involving firmware and kernel memory management during EFI runtime services, which are critical for system stability and security during OS runtime interactions with firmware.
Potential Impact
For European organizations, the impact of CVE-2024-50141 primarily concerns systems running Linux kernels with affected versions on hardware utilizing UEFI firmware and ACPI runtime services. The vulnerability can cause kernel exceptions and failures during EFI runtime service calls, potentially leading to system instability or crashes. While it does not directly enable privilege escalation or remote code execution, the instability can disrupt critical services, especially in environments relying on Linux servers for infrastructure, cloud services, or embedded systems. Organizations in sectors such as finance, healthcare, telecommunications, and critical infrastructure could experience operational disruptions if affected systems encounter runtime service failures. Additionally, since EFI runtime services are involved in secure boot and firmware interactions, improper handling could indirectly affect system integrity or complicate firmware updates and error recovery. However, the lack of known exploits and the requirement for specific firmware and kernel configurations limit the immediate risk. The vulnerability is more likely to impact system reliability and availability rather than confidentiality or integrity directly. European organizations with large Linux deployments, especially those using custom or older firmware implementations, should prioritize patching to avoid unexpected system behavior.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-50141 as soon as they become available from trusted sources or Linux distribution vendors. 2. Verify that firmware (UEFI) on affected systems is up to date, as firmware updates may improve EFI_MEMORY_RUNTIME memory region management and compatibility. 3. Conduct thorough testing of kernel updates in staging environments to ensure that EFI runtime services operate correctly without triggering paging faults. 4. Monitor kernel logs for warnings related to EFI runtime services and PRM handlers to detect potential issues early. 5. For critical systems, consider implementing redundancy and failover mechanisms to mitigate the impact of potential runtime service failures. 6. Engage with hardware vendors to confirm compliance with UEFI specifications regarding EFI_MEMORY_RUNTIME attributes and runtime memory remapping. 7. Educate system administrators about the importance of maintaining synchronized firmware and kernel versions to prevent runtime service incompatibilities. 8. Avoid running unsupported or heavily customized kernels that may not include the fix or handle EFI runtime services correctly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2024-50141: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1]. Since the PRM handler is a type of runtime service, this causes an exception when the PRM handler is called. [Firmware Bug]: Unable to handle paging request in EFI runtime service WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0x11c/0x170 Call trace: Let PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM context. If no suitable block is found, a warning message will be printed, but the procedure continues to manage the next PRM handler. However, if the PRM handler is actually called without proper allocation, it would result in a failure during error handling. By using the correct memory types for runtime services, ensure that the PRM handler and the context are properly mapped in the virtual address space during runtime, preventing the paging request error. The issue is really that only memory that has been remapped for runtime by the firmware can be used by the PRM handler, and so the region needs to have the EFI_MEMORY_RUNTIME attribute. [ rjw: Subject and changelog edits ]
AI-Powered Analysis
Technical Analysis
CVE-2024-50141 is a vulnerability identified in the Linux kernel related to the handling of ACPI Platform Runtime Mechanism (PRM) within the EFI (Extensible Firmware Interface) runtime services context. The issue arises because the PRMT (Platform Runtime Mechanism Table) incorrectly identifies a memory block of type EFI_CONVENTIONAL_MEMORY instead of EFI_MEMORY_RUNTIME when mapping physical to virtual addresses for PRM handlers and their contexts. According to the UEFI Specification, runtime services must operate on memory regions marked with the EFI_MEMORY_RUNTIME attribute to ensure proper virtual address mapping during runtime. Using an incorrect memory type leads to exceptions and paging errors when the PRM handler is invoked, as the memory region is not properly remapped for runtime use by the firmware. This manifests as kernel warnings and potential failures in error handling during runtime service calls. The vulnerability is rooted in firmware memory management and kernel interaction, specifically in the file drivers/firmware/efi/runtime-wrappers.c. The fix involves ensuring that the PRMT locates and uses memory blocks with the EFI_MEMORY_RUNTIME attribute for PRM handlers and contexts, preventing paging faults and maintaining stable runtime service operation. If no suitable EFI_MEMORY_RUNTIME block is found, the kernel logs a warning but continues processing other handlers, reducing the risk of a complete system failure. This vulnerability does not currently have known exploits in the wild and lacks a CVSS score, but it affects Linux kernel versions identified by the commit cefc7ca46235f01d5233e3abd4b79452af01d9e9 and similar revisions. The issue is technical and low-level, involving firmware and kernel memory management during EFI runtime services, which are critical for system stability and security during OS runtime interactions with firmware.
Potential Impact
For European organizations, the impact of CVE-2024-50141 primarily concerns systems running Linux kernels with affected versions on hardware utilizing UEFI firmware and ACPI runtime services. The vulnerability can cause kernel exceptions and failures during EFI runtime service calls, potentially leading to system instability or crashes. While it does not directly enable privilege escalation or remote code execution, the instability can disrupt critical services, especially in environments relying on Linux servers for infrastructure, cloud services, or embedded systems. Organizations in sectors such as finance, healthcare, telecommunications, and critical infrastructure could experience operational disruptions if affected systems encounter runtime service failures. Additionally, since EFI runtime services are involved in secure boot and firmware interactions, improper handling could indirectly affect system integrity or complicate firmware updates and error recovery. However, the lack of known exploits and the requirement for specific firmware and kernel configurations limit the immediate risk. The vulnerability is more likely to impact system reliability and availability rather than confidentiality or integrity directly. European organizations with large Linux deployments, especially those using custom or older firmware implementations, should prioritize patching to avoid unexpected system behavior.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-50141 as soon as they become available from trusted sources or Linux distribution vendors. 2. Verify that firmware (UEFI) on affected systems is up to date, as firmware updates may improve EFI_MEMORY_RUNTIME memory region management and compatibility. 3. Conduct thorough testing of kernel updates in staging environments to ensure that EFI runtime services operate correctly without triggering paging faults. 4. Monitor kernel logs for warnings related to EFI runtime services and PRM handlers to detect potential issues early. 5. For critical systems, consider implementing redundancy and failover mechanisms to mitigate the impact of potential runtime service failures. 6. Engage with hardware vendors to confirm compliance with UEFI specifications regarding EFI_MEMORY_RUNTIME attributes and runtime memory remapping. 7. Educate system administrators about the importance of maintaining synchronized firmware and kernel versions to prevent runtime service incompatibilities. 8. Avoid running unsupported or heavily customized kernels that may not include the fix or handle EFI runtime services correctly.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T19:36:19.956Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbe00a3
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:41:30 PM
Last updated: 7/30/2025, 8:02:51 PM
Views: 12
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighCVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.