
CVE-2024-50155: Vulnerability in the Linux kernel

Severity: Medium
Published: Thu Nov 07 2024 (11/07/2024, 09:31:31 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: use cond_resched() in nsim_dev_trap_report_work()

I am still seeing many syzbot reports hinting that syzbot might fool nsim_dev_trap_report_work() with hundreds of ports [1]

Let's use cond_resched(), and system_unbound_wq instead of implicit system_wq.

[1]
INFO: task syz-executor:20633 blocked for more than 143 seconds.
Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006
...
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210
Code: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0
RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246
RAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00
RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577
R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000
R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>

AI-Powered Analysis

Last updated: 06/27/2025, 21:56:28 UTC

Technical Analysis

CVE-2024-50155 is a vulnerability in the Linux kernel's netdevsim (network device simulator) driver. The issue is in nsim_dev_trap_report_work(), the work item that reports simulated device traps. On a netdevsim device with hundreds of ports this work item runs for a long time without calling cond_resched() (the kernel helper that lets the scheduler preempt the current task), so a fuzzer such as syzbot can keep it busy long enough that other tasks wait for it: the report attached to the fix shows a syz-executor task blocked in state D for more than 143 seconds while a kworker thread was still inside nsim_dev_trap_report_work. Stalled kernel workqueue threads of this kind amount to a denial of service (DoS) condition.

The fix adds cond_resched() calls and moves the work from the implicit system workqueue (system_wq) to the unbound workqueue (system_unbound_wq), which improves scheduling fairness and responsiveness under heavy load or fuzzing. The report was produced on a 6.12.0-rc2 syzkaller build, and the CVE record identifies the affected commits by hash. No exploitation in the wild is known. The flaw is a resource-management and scheduling bug in the kernel's network simulation subsystem, not memory corruption or privilege escalation, but any workload or fuzzing tool that creates hundreds of ports or traps can trigger it and cause system instability or denial of service.

Potential Impact

For European organizations, the impact of CVE-2024-50155 is confined to system availability and stability. Organizations running Linux kernels with the affected netdevsim component (used for testing and simulation of network devices) may see kernel worker threads become blocked, leading to degraded performance or denial of service. This affects development and testing environments, and any production systems that use netdevsim for network simulation. The vulnerability does not compromise confidentiality or integrity, but the resulting denial of service could disrupt network testing workflows or automated fuzzing, delaying development cycles or quality assurance. Where Linux is used at scale, for example by cloud infrastructure providers, telecom operators, or enterprises relying on Linux-based network appliances, this could translate into operational disruption. Since netdevsim is a specialized component that is not normally enabled in production kernels, the impact on general-purpose Linux deployments is limited; organizations involved in kernel development, network device simulation, or fuzz testing should nonetheless prioritize the fix to maintain reliability.

Mitigation Recommendations

To mitigate CVE-2024-50155, organizations should:

1) Apply the latest Linux kernel updates that include the patch introducing cond_resched() calls and the use of system_unbound_wq in the netdevsim driver. This is the definitive fix to prevent task blocking and improve scheduling behavior.

2) Review and restrict the use of netdevsim in production environments; disable or remove the module if not required, as it is primarily intended for testing and simulation.

3) Monitor kernel logs for hung task warnings or blocked worker threads related to nsim_dev_trap_report_work to detect potential triggering of this issue.

4) In development or testing environments using fuzzing tools like syzbot, consider limiting the number of simulated ports or traps to reduce the likelihood of triggering the blocking condition.

5) Implement kernel tuning parameters that control hung task detection and scheduling behavior (for example the hung_task_timeout_secs setting named in the report) to minimize impact during testing.

6) Maintain strict control over kernel versions deployed in critical environments and ensure timely patch management to incorporate fixes for emerging vulnerabilities.
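The following Python script is an added example for recommendation 3; it is not part of the CVE record or the kernel project. It parses dmesg-style output for hung-task reports, attaches the Workqueue line and call-trace frames that follow each "INFO: task ... blocked" header, and flags the reports whose workqueue function or trace involves nsim_dev_trap_report*. The sample log is constructed: it mirrors the shape of the report quoted in the description but uses made-up timestamps, and adds a second, unrelated stall for contrast. The symbol names, file paths and timeout value come from the description above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample dmesg output (not a real capture). The first report mirrors the
# syzbot hung-task report in the CVE description; the second is an unrelated stall.
SAMPLE_DMESG = """\
[  120.001] INFO: task syz-executor:20633 blocked for more than 143 seconds.
[  120.002]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  120.003] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  120.004] task:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006
[  120.010] NMI backtrace for cpu 1
[  120.011] CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  120.012] Workqueue: events nsim_dev_trap_report_work
[  120.013] Call Trace:
[  120.014]  __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
[  120.015]  spin_unlock_bh include/linux/spinlock.h:396 [inline]
[  120.016]  nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
[  120.017]  nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850
[  300.001] INFO: task kworker/u8:2:4567 blocked for more than 122 seconds.
[  300.002] Workqueue: writeback wb_workfn (flush-8:0)
[  400.001] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

TS_RE = re.compile(r"^\[\s*[\d.]+\]\s?")          # dmesg "[ seconds ]" prefix
HUNG_RE = re.compile(r"INFO: task (?P<task>\S+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
WQ_RE = re.compile(r"Workqueue: (?P<wq>\S+) (?P<fn>\S+)")
# A call-trace frame: symbol, optional +off/len, then a path:line location.
FRAME_RE = re.compile(r"^\s*(?P<fn>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s+\S+:\d+")

# Symbol prefix shared by nsim_dev_trap_report and nsim_dev_trap_report_work,
# both of which appear in the trace quoted in the advisory.
NETDEVSIM_SYMBOL = "nsim_dev_trap_report"


@dataclass
class HungTaskReport:
    task: str
    pid: int
    seconds: int
    workqueue: Optional[Tuple[str, str]] = None   # (pool name, work function)
    frames: List[str] = field(default_factory=list)

    @property
    def mentions_netdevsim(self) -> bool:
        """True if the work function or any trace frame is a netdevsim trap-report symbol."""
        symbols = list(self.frames)
        if self.workqueue:
            symbols.append(self.workqueue[1])
        return any(NETDEVSIM_SYMBOL in s for s in symbols)


def parse_hung_tasks(dmesg: str) -> List[HungTaskReport]:
    """Split a kernel log into hung-task reports.

    Each 'INFO: task ... blocked' header opens a new report; Workqueue lines and
    call-trace frames seen afterwards are attached to it until the next header.
    (Lines that match neither pattern are ignored, so interleaved unrelated
    messages do not break the parse.)
    """
    reports: List[HungTaskReport] = []
    current: Optional[HungTaskReport] = None
    for raw in dmesg.splitlines():
        line = TS_RE.sub("", raw)
        m = HUNG_RE.search(line)
        if m:
            current = HungTaskReport(m["task"], int(m["pid"]), int(m["secs"]))
            reports.append(current)
            continue
        if current is None:
            continue
        m = WQ_RE.search(line)
        if m:
            current.workqueue = (m["wq"], m["fn"])
            continue
        m = FRAME_RE.match(line)
        if m:
            current.frames.append(m["fn"])
    return reports


def netdevsim_stalls(dmesg: str) -> List[HungTaskReport]:
    """Only the reports that match the pattern this advisory describes."""
    return [r for r in parse_hung_tasks(dmesg) if r.mentions_netdevsim]


def summarize(report: HungTaskReport) -> str:
    wq = f"{report.workqueue[0]}/{report.workqueue[1]}" if report.workqueue else "n/a"
    return f"task {report.task} (pid {report.pid}) blocked {report.seconds}s; workqueue {wq}"


if __name__ == "__main__":
    # In practice feed it `dmesg` or journalctl -k output instead of the sample.
    for r in netdevsim_stalls(SAMPLE_DMESG):
        print("netdevsim stall:", summarize(r))
```

Run it against live `dmesg` output on a test host; an alert on any report returned by netdevsim_stalls() catches the condition before it escalates from a slow fuzzing run into a stalled workqueue pool. The hung-task detector only fires after hung_task_timeout_secs, so a host with that timeout disabled (set to 0, as the quoted message explains) will produce nothing for this script to find.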


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.960Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdcf4d

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 9:56:28 PM

Last updated: 7/31/2025, 8:45:51 AM
