CVE-2024-50271 is a vulnerability in the Linux kernel related to the enforcement of the RLIMIT_SIGPENDING resource limit, which controls the maximum number of queued signals a process can have pending. The issue arises from a behavioral change introduced in commit d64696905554, which reimplemented RLIMIT_SIGPENDING using ucounts. Previously, the limit was not enforced for signals when the override_rlimit flag was set, allowing certain signals to be delivered even if the limit was reached. However, the new implementation enforces the limit unconditionally, ignoring the override_rlimit flag. This causes failures in signal delivery when the limit is reached. For example, if a process hits the RLIMIT_SIGPENDING limit and receives a SIGSEGV (segmentation fault) signal, the kernel's sigqueue_alloc function fails to allocate resources for the signal delivery with siginfo data. Consequently, the process cannot obtain detailed fault information such as the fault address, impairing its ability to handle the error correctly. From the user-space perspective, applications remain unaware that the limit has been reached and that the siginfo data is effectively corrupted or missing. This leads to unpredictable application behavior and potential crashes, as observed in Java applications. The fix restores the previous behavior by passing the override_rlimit flag into the inc_rlimit_get_ucounts() function and skipping the limit comparison when override_rlimit is set, allowing signals to be delivered properly even if the limit is reached. This vulnerability does not have known exploits in the wild and does not have an assigned CVSS score yet.

For European organizations, this vulnerability can cause stability and reliability issues in critical Linux-based systems and applications, especially those that handle high volumes of signals or rely on precise signal handling for fault tolerance and error recovery. The inability to deliver signals with complete information can lead to silent failures, application crashes, or corrupted error handling states. This is particularly impactful for enterprise environments running Java applications or other software sensitive to signal handling, such as financial services, telecommunications, and industrial control systems. Since Linux is widely deployed across servers, cloud infrastructure, and embedded devices in Europe, the vulnerability could affect a broad range of sectors. Although it does not directly allow privilege escalation or remote code execution, the resulting instability could be exploited indirectly by attackers to cause denial of service or disrupt critical services. The lack of user-space awareness about the signal delivery failure complicates detection and troubleshooting, increasing operational risk.

European organizations should promptly apply the Linux kernel patch that restores the override_rlimit behavior as described. Given the subtlety of the issue, it is important to: 1) Audit and monitor applications that rely heavily on signal handling, especially Java-based services, for unexpected crashes or erratic behavior. 2) Increase logging and alerting around signal-related failures and resource limits to detect symptoms early. 3) Review and adjust RLIMIT_SIGPENDING settings where appropriate to avoid hitting limits under normal workloads. 4) Test critical applications in staging environments with the patched kernel to ensure stability and correct signal handling. 5) For environments where immediate patching is not feasible, consider implementing application-level retries or fallback mechanisms for fault handling to mitigate the impact of corrupted siginfo data. 6) Maintain up-to-date inventories of Linux kernel versions in use and prioritize patching for systems running affected commits. 7) Collaborate with Linux distribution vendors to receive timely updates and advisories.