CVE-2024-50122
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50122
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50122.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-50122
- Related
- Published
- 2024-11-05T18:15:15Z
- Modified
- 2024-11-16T05:50:01.019352Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
PCI: Hold rescan lock while adding devices during host probe
Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and host controller probe functions. The latter need to take the rescan lock when adding devices or we may end up in an undefined state having two incompletely added devices and hit the following crash when trying to remove the device over sysfs:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP Call trace: _pistrlen+0x14/0x150 kernfsfindns+0x80/0x13c kernfsremovebynamens+0x54/0xf0 sysfsremovebinfile+0x24/0x34 pciremoveresourcefiles+0x3c/0x84 pciremovesysfsdevfiles+0x28/0x38 pcistopbusdevice+0x8c/0xd8 pcistopbusdevice+0x40/0xd8 pcistopandremovebusdevicelocked+0x28/0x48 removestore+0x70/0xb0 devattrstore+0x20/0x38 sysfskfwrite+0x58/0x78 kernfsfopwriteiter+0xe8/0x184 vfswrite+0x2dc/0x308 ksyswrite+0x7c/0xec
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.11.6-1