Cxl port teardown improvement
CVE-2024-50226

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 November 2024

What is CVE-2024-50226?

A vulnerability exists within the Linux kernel's CXL framework due to improper handling of decoders during memory region management, leading to a use-after-free condition. This flaw can result in crashes when the system is unable to correctly manage the teardown of decoder objects, particularly when attempting to disable decoders out of order. The kernel may attempt to access a stale memory reference after a decoder has been removed, causing a general protection fault. The recent updates aim to rectify this issue by ensuring that the removal of decoder objects is handled more robustly according to the CXL specification, significantly improving system stability and integrity in memory management routines.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 176baefb2eb5d7a3ddebe3ff803db1fce44574b5 < 8e1b52c15c81106456437f8e49575040e489e355

Linux 176baefb2eb5d7a3ddebe3ff803db1fce44574b5 < 78c8454fdce0eeee962be004eb6d99860c80dad1

Linux 176baefb2eb5d7a3ddebe3ff803db1fce44574b5 < 101c268bd2f37e965a5468353e62d154db38838e

References

https://git.kernel.org/stable/c/8e1b52c15c81106456437f8e4...
https://git.kernel.org/stable/c/78c8454fdce0eeee962be004e...
https://git.kernel.org/stable/c/101c268bd2f37e965a5468353...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.