CVE-2024-50222: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP

generic/077 on x86_32 CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y with highmem, on huge=always tmpfs, issues a warning and then hangs (interruptibly):

WARNING: CPU: 5 PID: 3517 at mm/highmem.c:622 kunmap_local_indexed+0x62/0xc9
CPU: 5 UID: 0 PID: 3517 Comm: cp Not tainted 6.12.0-rc4 #2
...
copy_page_from_iter_atomic+0xa6/0x5ec
generic_perform_write+0xf6/0x1b4
shmem_file_write_iter+0x54/0x67

Fix copy_page_from_iter_atomic() by limiting it in that case (include/linux/skbuff.h skb_frag_must_loop() does similar).

But going forward, perhaps CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is too surprising, has outlived its usefulness, and should just be removed?
AI Analysis
Technical Summary
CVE-2024-50222 is a vulnerability identified in the Linux kernel related to the handling of memory mapping and page copying operations under specific kernel configurations. The issue arises in the function copy_page_from_iter_atomic() when the kernel is compiled with the CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP option enabled, particularly on x86_32 architectures with high memory (highmem) enabled and tmpfs mounted with huge pages always active. Under these conditions, the kernel issues a warning and subsequently hangs in an interruptible state. The root cause is linked to the improper handling of local kernel mappings during atomic page copy operations, specifically in the kunmap_local_indexed() function, which leads to a kernel warning and system hang. The fix involves limiting the behavior of copy_page_from_iter_atomic() in this scenario, similar to the approach used in skb_frag_must_loop() in include/linux/skbuff.h. The vulnerability is tied to a debugging kernel configuration option that may be considered obsolete or overly surprising, suggesting that its removal might be warranted in the future. This vulnerability does not have any known exploits in the wild at the time of publication and affects specific kernel versions identified by commit hashes. No CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-50222 depends largely on whether they run Linux kernels compiled with the CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP option enabled, which is primarily a debugging feature and not commonly enabled in production environments. However, organizations using custom or specialized Linux builds for embedded systems, legacy x86_32 infrastructure, or development/testing environments might be affected. The vulnerability can cause system hangs, leading to denial of service (DoS) conditions. This can disrupt critical services, especially in environments relying on tmpfs with huge pages and high memory configurations. While the vulnerability does not appear to allow privilege escalation or data leakage, the availability impact could be significant for systems that depend on continuous uptime. Given the kernel hang occurs in interruptible context, it may be recoverable via reboot but could cause operational interruptions. The lack of known exploits reduces immediate risk, but the presence of a kernel hang in specific configurations warrants attention in sensitive or high-availability environments.
Mitigation Recommendations
European organizations should first assess whether their Linux kernel builds include the CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP option, especially on x86_32 systems with highmem and tmpfs huge page configurations. For production systems, this debugging option is typically disabled; if enabled, it should be disabled to mitigate the risk. Applying the latest Linux kernel patches that address this issue is critical. Organizations should track kernel updates from their Linux distribution vendors or upstream kernel releases and apply them promptly. For environments where custom kernels are used, recompiling the kernel without CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP or applying the patch that limits copy_page_from_iter_atomic() behavior is recommended. Additionally, monitoring system logs for warnings related to kunmap_local_indexed and copy_page_from_iter_atomic can help detect attempts to trigger the issue. In high-availability environments, implementing automated recovery mechanisms to reboot affected systems can reduce downtime. Finally, organizations should review tmpfs and huge page usage to ensure configurations do not inadvertently expose this vulnerability.
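The checks recommended above, as an added example that is not part of the original advisory or of the kernel project: shell functions that test a kernel config file for the debug option, list tmpfs mounts using huge=always, and count log splats matching the quoted trace. The function names, the 40-line look-ahead window and the sample log timestamps are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): check the preconditions it names.

# 0 if the kernel config file (plain or .gz) has the debug option set to y,
# 1 if it does not, 2 if the file cannot be read.
kmap_force_map_enabled() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    case $cfg in
        *.gz) gzip -dc "$cfg" ;;
        *)    cat "$cfg" ;;
    esac | grep -q '^CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y$'
}

# Print mount points of tmpfs mounts using huge=always, from a file in
# /proc/mounts format.
tmpfs_huge_always() {
    awk '$3 == "tmpfs" && $4 ~ /(^|,)huge=always(,|$)/ { print $2 }' "$1"
}

# Count kernel-log splats on stdin where a WARNING in kunmap_local_indexed is
# followed by copy_page_from_iter_atomic in the trace.
# The 40-line look-ahead window is an assumption of this example.
count_kmap_splats() {
    awk '
        /WARNING:/ && /kunmap_local_indexed/ { armed = 40; next }
        armed > 0 {
            armed--
            if (/copy_page_from_iter_atomic/) { hits++; armed = 0 }
        }
        END { print hits + 0 }
    '
}

# Constructed sample: the trace lines quoted in the advisory, with made-up
# timestamps, plus one unrelated constructed WARNING that must not count.
sample_log() {
    cat <<'EOF'
[  100.000000] WARNING: CPU: 1 PID: 42 at kernel/example.c:1 example_fn+0x1/0x2
[  101.000000] WARNING: CPU: 5 PID: 3517 at mm/highmem.c:622 kunmap_local_indexed+0x62/0xc9
[  101.000010] CPU: 5 UID: 0 PID: 3517 Comm: cp Not tainted 6.12.0-rc4 #2
[  101.000020]  copy_page_from_iter_atomic+0xa6/0x5ec
[  101.000030]  generic_perform_write+0xf6/0x1b4
[  101.000040]  shmem_file_write_iter+0x54/0x67
EOF
}

echo "matching splats in sample: $(sample_log | count_kmap_splats)"
```

On a live host the same functions can be fed `/boot/config-$(uname -r)` or `/proc/config.gz` (where the kernel exposes it), `/proc/mounts`, and the output of `dmesg`.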
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T19:36:19.973Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9824c4522896dcbdf59e
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 1:10:37 PM
Last updated: 8/13/2025, 7:44:24 PM