CVE-2024-50147: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for MANAGE_PAGES command as well. Hence, in case health error occurred before any MANAGE_PAGES command have been invoke (for example, during mlx5_enable_hca()), mlx5_cmd_trigger_completions() will try to trigger completion for MANAGE_PAGES command, which will result in null-ptr-deref error.[1] Fix it by Initialize command bitmask correctly. While at it, re-write the code for better understanding. [1] BUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] Write of size 4 at addr 0000000000000214 by task kworker/u96:2/12078 CPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] Call Trace: <TASK> dump_stack_lvl+0x7e/0xc0 kasan_report+0xb9/0xf0 kasan_check_range+0xec/0x190 mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] mlx5_cmd_flush+0x94/0x240 [mlx5_core] enter_error_state+0x6c/0xd0 [mlx5_core] mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core] process_one_work+0x787/0x1490 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? pwq_dec_nr_in_flight+0xda0/0xda0 ? assign_work+0x168/0x240 worker_thread+0x586/0xd30 ? rescuer_thread+0xae0/0xae0 kthread+0x2df/0x3b0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x2d/0x70 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork_asm+0x11/0x20 </TASK>
AI Analysis
Technical Summary
CVE-2024-50147 is a vulnerability identified in the Linux kernel's mlx5_core driver, which manages Mellanox ConnectX-5 and later network adapters. The flaw arises from improper initialization of a command bitmask related to the MANAGE_PAGES command. Specifically, the bitmask dedicated to this command is not initialized during the general command bitmask setup but only during the execution of the MANAGE_PAGES command itself. This leads to a scenario where the function mlx5_cmd_trigger_completions() attempts to trigger completion for the MANAGE_PAGES command even if no such command has been invoked yet. If a health error occurs before any MANAGE_PAGES command is issued, such as during the mlx5_enable_hca() initialization phase, the function will dereference a null pointer, causing a kernel crash (null pointer dereference). The vulnerability is confirmed by a Kernel Address Sanitizer (KASAN) report showing a null pointer dereference in mlx5_cmd_trigger_completions(), triggered by a workqueue handling firmware fatal errors. This bug can lead to a denial of service (DoS) condition by crashing the kernel or causing instability in systems using affected mlx5 devices. The patch involves correctly initializing the command bitmask for the MANAGE_PAGES command and rewriting the relevant code for clarity and robustness. The vulnerability affects Linux kernel versions containing the specified commit hash (9b98d395b85dd042fe83fb696b1ac02e6c93a520) and likely other versions prior to the fix. No known exploits are reported in the wild as of the publication date. The issue is technical and specific to the mlx5 driver, which is critical for high-performance networking in data centers and enterprise environments relying on Mellanox hardware.
Potential Impact
For European organizations, the impact of CVE-2024-50147 primarily concerns systems running Linux kernels with the affected mlx5 driver managing Mellanox ConnectX-5 or newer network adapters. These adapters are widely used in high-performance computing, cloud infrastructure, and data centers, including those operated by telecom providers, financial institutions, research centers, and large enterprises across Europe. A successful exploitation leads to a kernel crash via null pointer dereference, resulting in denial of service and potential disruption of critical network services. This can affect availability of services, cause downtime, and impact business continuity. Although this vulnerability does not appear to allow privilege escalation or remote code execution directly, the induced DoS can be leveraged in targeted attacks or combined with other vulnerabilities to increase impact. European organizations relying on Linux-based infrastructure with Mellanox hardware should consider this a significant stability and availability risk, especially in environments requiring high uptime and low latency. The lack of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability details are public.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-50147 as soon as they become available from trusted sources or Linux distributions. Monitor vendor advisories for updated kernel packages containing the fix. 2. For organizations unable to immediately patch, consider temporarily disabling or unloading the mlx5 driver if feasible, or isolating affected systems from critical network segments to reduce exposure. 3. Implement robust kernel crash monitoring and automated recovery mechanisms to minimize downtime caused by potential exploitation. 4. Conduct thorough testing of kernel updates in staging environments to ensure compatibility and stability before deployment in production. 5. Maintain up-to-date inventory of hardware using Mellanox ConnectX-5 or newer adapters and Linux kernel versions to prioritize patching efforts. 6. Employ network segmentation and access controls to limit exposure of vulnerable systems to untrusted networks or users. 7. Stay informed through security mailing lists and vendor communications for any emerging exploit reports or additional mitigation guidance. These steps go beyond generic advice by focusing on hardware-specific risk management, operational continuity, and proactive patch management tailored to the mlx5 driver context.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
CVE-2024-50147: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for MANAGE_PAGES command as well. Hence, in case health error occurred before any MANAGE_PAGES command have been invoke (for example, during mlx5_enable_hca()), mlx5_cmd_trigger_completions() will try to trigger completion for MANAGE_PAGES command, which will result in null-ptr-deref error.[1] Fix it by Initialize command bitmask correctly. While at it, re-write the code for better understanding. [1] BUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] Write of size 4 at addr 0000000000000214 by task kworker/u96:2/12078 CPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] Call Trace: <TASK> dump_stack_lvl+0x7e/0xc0 kasan_report+0xb9/0xf0 kasan_check_range+0xec/0x190 mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] mlx5_cmd_flush+0x94/0x240 [mlx5_core] enter_error_state+0x6c/0xd0 [mlx5_core] mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core] process_one_work+0x787/0x1490 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? pwq_dec_nr_in_flight+0xda0/0xda0 ? assign_work+0x168/0x240 worker_thread+0x586/0xd30 ? rescuer_thread+0xae0/0xae0 kthread+0x2df/0x3b0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x2d/0x70 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork_asm+0x11/0x20 </TASK>
AI-Powered Analysis
Technical Analysis
CVE-2024-50147 is a vulnerability identified in the Linux kernel's mlx5_core driver, which manages Mellanox ConnectX-5 and later network adapters. The flaw arises from improper initialization of a command bitmask related to the MANAGE_PAGES command. Specifically, the bitmask dedicated to this command is not initialized during the general command bitmask setup but only during the execution of the MANAGE_PAGES command itself. This leads to a scenario where the function mlx5_cmd_trigger_completions() attempts to trigger completion for the MANAGE_PAGES command even if no such command has been invoked yet. If a health error occurs before any MANAGE_PAGES command is issued, such as during the mlx5_enable_hca() initialization phase, the function will dereference a null pointer, causing a kernel crash (null pointer dereference). The vulnerability is confirmed by a Kernel Address Sanitizer (KASAN) report showing a null pointer dereference in mlx5_cmd_trigger_completions(), triggered by a workqueue handling firmware fatal errors. This bug can lead to a denial of service (DoS) condition by crashing the kernel or causing instability in systems using affected mlx5 devices. The patch involves correctly initializing the command bitmask for the MANAGE_PAGES command and rewriting the relevant code for clarity and robustness. The vulnerability affects Linux kernel versions containing the specified commit hash (9b98d395b85dd042fe83fb696b1ac02e6c93a520) and likely other versions prior to the fix. No known exploits are reported in the wild as of the publication date. The issue is technical and specific to the mlx5 driver, which is critical for high-performance networking in data centers and enterprise environments relying on Mellanox hardware.
Potential Impact
For European organizations, the impact of CVE-2024-50147 primarily concerns systems running Linux kernels with the affected mlx5 driver managing Mellanox ConnectX-5 or newer network adapters. These adapters are widely used in high-performance computing, cloud infrastructure, and data centers, including those operated by telecom providers, financial institutions, research centers, and large enterprises across Europe. A successful exploitation leads to a kernel crash via null pointer dereference, resulting in denial of service and potential disruption of critical network services. This can affect availability of services, cause downtime, and impact business continuity. Although this vulnerability does not appear to allow privilege escalation or remote code execution directly, the induced DoS can be leveraged in targeted attacks or combined with other vulnerabilities to increase impact. European organizations relying on Linux-based infrastructure with Mellanox hardware should consider this a significant stability and availability risk, especially in environments requiring high uptime and low latency. The lack of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability details are public.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-50147 as soon as they become available from trusted sources or Linux distributions. Monitor vendor advisories for updated kernel packages containing the fix. 2. For organizations unable to immediately patch, consider temporarily disabling or unloading the mlx5 driver if feasible, or isolating affected systems from critical network segments to reduce exposure. 3. Implement robust kernel crash monitoring and automated recovery mechanisms to minimize downtime caused by potential exploitation. 4. Conduct thorough testing of kernel updates in staging environments to ensure compatibility and stability before deployment in production. 5. Maintain up-to-date inventory of hardware using Mellanox ConnectX-5 or newer adapters and Linux kernel versions to prioritize patching efforts. 6. Employ network segmentation and access controls to limit exposure of vulnerable systems to untrusted networks or users. 7. Stay informed through security mailing lists and vendor communications for any emerging exploit reports or additional mitigation guidance. These steps go beyond generic advice by focusing on hardware-specific risk management, operational continuity, and proactive patch management tailored to the mlx5 driver context.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T19:36:19.958Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbe00c4
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:55:02 PM
Last updated: 7/30/2025, 8:25:16 PM
Views: 12
Related Threats
CVE-2025-54864: CWE-306: Missing Authentication for Critical Function in NixOS hydra
MediumCVE-2025-54800: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in NixOS hydra
HighCVE-2025-8452: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory in Brother Industries, Ltd HL-L8260CDN
MediumCVE-2025-5468: CWE-61: UNIX Symbolic Link in Ivanti Connect Secure
MediumCVE-2025-5466: CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') in Ivanti Connect Secure
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.