What is the severity of CVE-2024-50111?

The severity of CVE-2024-50111 has been classified as moderate.

Which versions of the Linux Kernel are affected by CVE-2024-50111?

CVE-2024-50111 affects Linux Kernel versions between 6.7 and 6.11.6, as well as specific release candidates.

How do I fix CVE-2024-50111?

To address CVE-2024-50111, update to the latest version of the Linux Kernel containing the fix, such as 5.10.223-1, 6.12.12-1, or newer.

What type of vulnerability is CVE-2024-50111?

CVE-2024-50111 is an unaligned access exception that can occur in an IRQ-enabled context.

Is user mode execution affected by CVE-2024-50111?

Yes, CVE-2024-50111 can impact user mode execution, potentially leading to security vulnerabilities.

Vulnerability/
CVE-2024-50111

medium

5.5

5/11/2024

19/12/2024

CVE-2024-50111: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

First published: Tue Nov 05 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BUG: sleeping function called from invalid context at arch/loongarch/kernel/access-helper.h:7 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, name: modprobe preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 129 Comm: modprobe Tainted: G W 6.12.0-rc1+ #1723 Tainted: [W]=WARN Stack : 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000 9000000105e0bc70 9000000105e0bc78 0000000000000000 0000000000000000 9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890 ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500 000000000000020c 000000000000000a 0000000000000000 0000000000000003 00000000000023f0 00000000000e1401 00000000072f8000 0000007ffbb0e260 0000000000000000 0000000000000000 9000000005437650 90000000055d5000 0000000000000000 0000000000000003 0000007ffbb0e1f0 0000000000000000 0000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec 00000000000000b0 0000000000000007 0000000000000003 0000000000071c1d ... Call Trace: [<9000000003803964>] show_stack+0x64/0x1a0 [<9000000004c57464>] dump_stack_lvl+0x74/0xb0 [<9000000003861ab4>] __might_resched+0x154/0x1a0 [<900000000380c96c>] emulate_load_store_insn+0x6c/0xf60 [<9000000004c58118>] do_ale+0x78/0x180 [<9000000003801bc8>] handle_ale+0x128/0x1e0 So enable IRQ if unaligned access exception is triggered in irq-enabled context to fix it.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	<6.6.59
Linux Kernel	>=6.7<6.11.6
Linux Kernel	=6.12-rc1
Linux Kernel	=6.12-rc2
Linux Kernel	=6.12-rc3
Linux Kernel	=6.12-rc4
debian/linux	<=6.1.123-1<=6.1.128-1	5.10.223-1 5.10.226-1 6.12.12-1 6.12.15-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50111?
The severity of CVE-2024-50111 has been classified as moderate.
Which versions of the Linux Kernel are affected by CVE-2024-50111?
CVE-2024-50111 affects Linux Kernel versions between 6.7 and 6.11.6, as well as specific release candidates.
How do I fix CVE-2024-50111?
To address CVE-2024-50111, update to the latest version of the Linux Kernel containing the fix, such as 5.10.223-1, 6.12.12-1, or newer.
What type of vulnerability is CVE-2024-50111?
CVE-2024-50111 is an unaligned access exception that can occur in an IRQ-enabled context.
Is user mode execution affected by CVE-2024-50111?
Yes, CVE-2024-50111 can impact user mode execution, potentially leading to security vulnerabilities.

agent/title
agent/type
agent/first-publish-date
agent/author
agent/remedy
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/usn-cve
source/Ubuntu
collector/nvd-cve
collector/security-tracker-debian
source/Debian
agent/source
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/event
vendor/linux
canonical/linux kernel
version/linux kernel/6.7
version/linux kernel/6.12-rc1
version/linux kernel/6.12-rc2
version/linux kernel/6.12-rc3
version/linux kernel/6.12-rc4
package-manager/debian

CVE-2024-50111: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50111?

Which versions of the Linux Kernel are affected by CVE-2024-50111?

How do I fix CVE-2024-50111?

What type of vulnerability is CVE-2024-50111?

Is user mode execution affected by CVE-2024-50111?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-50111?

Which versions of the Linux Kernel are affected by CVE-2024-50111?

How do I fix CVE-2024-50111?

What type of vulnerability is CVE-2024-50111?

Is user mode execution affected by CVE-2024-50111?