CVE-2024-49927: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49927 affects the Linux kernel's x86/ioapic subsystem. The vulnerability was discovered when panics were observed during runtime under certain conditions using failslab. The issue stems from improper handling of interrupt allocation failures in the IO/APIC code, which would trigger a kernel panic instead of gracefully handling the failure (Kernel Patch).

The vulnerability exists in the Linux kernel's IO/APIC code where interrupt allocation failures were not properly handled. When an interrupt allocation fails, the code would panic with the message 'IO-APIC: failed to add irq-pin. Can not proceed' instead of handling the failure gracefully. This behavior was a remnant of historic IO/APIC code that would panic during early boot when interrupt allocation failed. The issue manifests in the mpirqdomainalloc() function and affects various kernel versions up to 5.15.168, 6.1.113, 6.6.55, and 6.10.14 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The primary impact is a denial of service condition through kernel panic when interrupt allocation fails, particularly affecting systems using the IO/APIC subsystem (NVD).

The vulnerability has been patched by removing the panic wrapper around _addpintoirqnode() and modifying mpirqdomain_alloc() to handle the failure condition gracefully. The fix has been implemented across multiple kernel versions. Users should update to kernel versions 5.15.168, 6.1.113, 6.6.55, or 6.10.14 or later to address this vulnerability (Kernel Patch).