CVE-2024-50249

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 9, 2024
Updated: Nov 14, 2024

Summary

CVE-2024-50249: A vulnerability has been identified in the Linux kernel's ACPI component. The issue involves a wait order problem between the 'rmw_lock' used by 'cpc_write()' and the raw_spinlock used by 'sugov_update_shared()'. This misorder resulted in an "Invalid wait context" error, leading to a potential security issue. The vulnerability has been resolved by making 'rmw_lock' a raw_spinlock to ensure proper wait-type order and disable interrupts on the CPU holding the lock.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share