CVE-2024-50303: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

resource,kexec: walk_system_ram_res_rev must retain resource flags

walk_system_ram_res_rev() erroneously discards resource flags when passing the information to the callback. This causes systems with IORESOURCE_SYSRAM_DRIVER_MANAGED memory to have these resources selected during kexec to store kexec buffers if that memory happens to be placed above normal system RAM. This leads to undefined behavior after reboot.

If the kexec buffer is never touched, nothing happens. If the kexec buffer is touched, it could lead to a crash (like below) or undefined behavior.

Tested on a system with CXL memory expanders with driver-managed memory, TPM enabled, and CONFIG_IMA_KEXEC=y. Adding printk's showed the flags were being discarded and as a result the check for IORESOURCE_SYSRAM_DRIVER_MANAGED passes.

find_next_iomem_res: name(System RAM (kmem)) start(10000000000) end(1034fffffff) flags(83000200)
locate_mem_hole_top_down: start(10000000000) end(1034fffffff) flags(0)

BUG: unable to handle page fault for address: ffff89834ffff000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD c04c8bf067 P4D c04c8bf067 PUD c04c8be067 PMD 0
Oops: 0000 [#1] SMP
RIP: 0010:ima_restore_measurement_list+0x95/0x4b0
RSP: 0018:ffffc900000d3a80 EFLAGS: 00010286
RAX: 0000000000001000 RBX: 0000000000000000 RCX: ffff89834ffff000
RDX: 0000000000000018 RSI: ffff89834ffff000 RDI: ffff89834ffff018
RBP: ffffc900000d3ba0 R08: 0000000000000020 R09: ffff888132b8a900
R10: 4000000000000000 R11: 000000003a616d69 R12: 0000000000000000
R13: ffffffff8404ac28 R14: 0000000000000000 R15: ffff89834ffff000
FS: 0000000000000000(0000) GS:ffff893d44640000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
ata5: SATA link down (SStatus 0 SControl 300)
CR2: ffff89834ffff000 CR3: 000001034d00f001 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x78/0xc0
? page_fault_oops+0x2a8/0x3a0
? exc_page_fault+0x84/0x130
? asm_exc_page_fault+0x22/0x30
? ima_restore_measurement_list+0x95/0x4b0
? template_desc_init_fields+0x317/0x410
? crypto_alloc_tfm_node+0x9c/0xc0
? init_ima_lsm+0x30/0x30
ima_load_kexec_buffer+0x72/0xa0
ima_init+0x44/0xa0
__initstub__kmod_ima__373_1201_init_ima7+0x1e/0xb0
? init_ima_lsm+0x30/0x30
do_one_initcall+0xad/0x200
? idr_alloc_cyclic+0xaa/0x110
? new_slab+0x12c/0x420
? new_slab+0x12c/0x420
? number+0x12a/0x430
? sysvec_apic_timer_interrupt+0xa/0x80
? asm_sysvec_apic_timer_interrupt+0x16/0x20
? parse_args+0xd4/0x380
? parse_args+0x14b/0x380
kernel_init_freeable+0x1c1/0x2b0
? rest_init+0xb0/0xb0
kernel_init+0x16/0x1a0
ret_from_fork+0x2f/0x40
? rest_init+0xb0/0xb0
ret_from_fork_asm+0x11/0x20
</TASK>
AI Analysis
Technical Summary
CVE-2024-50303 is a vulnerability identified in the Linux kernel related to the handling of system RAM resources during the kexec process. Specifically, the function walk_system_ram_res_rev() erroneously discards resource flags when passing memory resource information to its callback. This flaw affects systems that have IORESOURCE_SYSRAM_DRIVER_MANAGED memory regions, particularly when such memory is located above the normal system RAM address range. The improper handling causes these memory resources to be mistakenly selected for storing kexec buffers. Kexec is a mechanism that allows loading and booting into a new kernel without going through a full hardware reboot. The consequence of this mismanagement is undefined behavior after a kexec reboot. If the kexec buffer is never accessed, the system may appear unaffected. However, if the buffer is accessed, it can lead to kernel crashes or other unpredictable behavior. The vulnerability was tested on systems with CXL memory expanders (which provide additional driver-managed memory), TPM enabled, and the kernel configured with IMA kexec support (CONFIG_IMA_KEXEC=y). Kernel logs demonstrate that resource flags are lost, causing the system to treat driver-managed memory as normal system RAM, leading to page faults and kernel oops errors during the IMA measurement list restoration phase after reboot. This vulnerability is subtle and specific to advanced memory configurations involving driver-managed system RAM and kexec. It can cause system instability or crashes post-kexec reboot, impacting system availability. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The issue is primarily a kernel memory management bug affecting Linux kernel versions identified by the given commit hashes.
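To make the failure mode concrete, here is an added user-space model of the walk (constructed for this page; it is neither kernel code nor the upstream fix). It replays a resource table shaped like the two log entries above, once with the flags dropped as the buggy walk_system_ram_res_rev() did and once with them retained, and reports which range the kexec placement callback picks in each case. The flag values are the ones defined in include/linux/ioport.h; the table addresses, the buffer size and the function names are assumptions.

```c
/* Model of the walk_system_ram_res_rev() flag-dropping bug (constructed, not kernel code). */
#include <stdbool.h>
#include <stdint.h>

/* Flag values as defined in include/linux/ioport.h. */
#define IORESOURCE_MEM                   0x00000200
#define IORESOURCE_SYSTEM_RAM            0x01000000
#define IORESOURCE_SYSRAM_DRIVER_MANAGED 0x02000000
#define IORESOURCE_BUSY                  0x80000000

struct resource { const char *name; uint64_t start, end; unsigned long flags; };

/* Constructed resource table, lowest address first, mirroring the log above:
 * ordinary RAM plus a CXL "System RAM (kmem)" region placed above it. */
static const struct resource ram_table[] = {
    { "System RAM", 0x100000000ULL, 0x1ffffffffULL,
      IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM | IORESOURCE_MEM },
    { "System RAM (kmem)", 0x10000000000ULL, 0x1034fffffffULL,
      IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM | IORESOURCE_SYSRAM_DRIVER_MANAGED | IORESOURCE_MEM },
};

struct kexec_buf { uint64_t memsz; uint64_t mem; };   /* mem == 0: no hole found yet */

/* Modeled on kexec's locate_mem_hole_callback(): skip driver-managed RAM,
 * otherwise place the buffer at the top of the range. Returns 1 to stop the walk. */
static int locate_mem_hole_top_down(struct resource *res, void *arg)
{
    struct kexec_buf *kbuf = arg;
    if (res->flags & IORESOURCE_SYSRAM_DRIVER_MANAGED)
        return 0;   /* kexec buffers must never land in driver-managed memory */
    if (res->end - res->start + 1 < kbuf->memsz)
        return 0;
    kbuf->mem = res->end - kbuf->memsz + 1;
    return 1;
}

/* Reverse (top-down) walker. retain_flags == false reproduces the bug: the
 * callback sees flags == 0, so the DRIVER_MANAGED check never fires and the
 * kmem region wins simply because it is the highest range. */
static uint64_t find_kexec_buffer(bool retain_flags, uint64_t memsz)
{
    struct kexec_buf kbuf = { .memsz = memsz, .mem = 0 };
    for (int i = (int)(sizeof ram_table / sizeof ram_table[0]) - 1; i >= 0; i--) {
        struct resource res = ram_table[i];
        if (!retain_flags)
            res.flags = 0;   /* the bug: flags discarded before the callback runs */
        if (locate_mem_hole_top_down(&res, &kbuf))
            break;
    }
    return kbuf.mem;
}
```

With the flags dropped the buffer is placed inside the kmem region, which is exactly the memory the IMA restore code later faults on; with the flags retained the walker falls through to ordinary RAM.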
Potential Impact
For European organizations, the impact of CVE-2024-50303 depends on their use of Linux systems with advanced memory configurations such as CXL memory expanders and TPM, and whether they utilize kexec for kernel reboots. Organizations relying on kexec for fast kernel switching or system recovery could face unexpected system crashes or undefined behavior after reboot, potentially leading to downtime or service interruptions. This is particularly critical for data centers, cloud providers, and enterprises running high-availability Linux servers with these configurations. The vulnerability affects system availability primarily, as kernel crashes can cause service outages. Confidentiality and integrity impacts are less direct but could arise if system instability leads to failures in security modules like IMA (Integrity Measurement Architecture). Systems with TPM and IMA enabled may experience failures in security measurement restoration, potentially weakening trust in system integrity post-reboot. Given the complexity of the affected configurations, the threat is more relevant to organizations with cutting-edge hardware deployments or specialized Linux kernel setups rather than typical desktop or server environments. However, critical infrastructure or research institutions using such configurations in Europe could be at risk of operational disruption.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this issue as soon as they become available. Monitor Linux kernel mailing lists and vendor advisories for updates related to CVE-2024-50303.
2. Until patches are applied, avoid using kexec on systems with IORESOURCE_SYSRAM_DRIVER_MANAGED memory regions, especially those with CXL memory expanders and TPM enabled.
3. Review system configurations to identify the presence of driver-managed system RAM and evaluate the necessity of kexec usage in these environments.
4. Implement rigorous testing of kernel updates and kexec operations in controlled environments before deploying to production systems.
5. Monitor kernel logs for page faults or oops messages related to ima_restore_measurement_list or kexec buffer handling, which may indicate exploitation or manifestation of this vulnerability.
6. Coordinate with hardware vendors to understand the deployment of CXL memory expanders and ensure firmware and drivers are up to date to minimize related risks.
7. For critical systems, consider fallback mechanisms or redundant systems to maintain availability in case of crashes triggered by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T19:36:19.987Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9824c4522896dcbdf796
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 1:57:04 PM
Last updated: 7/30/2025, 10:36:43 PM