CVE-2024-50093: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50093 affects the Linux kernel's thermal management subsystem, specifically the Intel processor thermal driver. The vulnerability was discovered in late 2024 and affects Linux kernel versions from 5.14 up to versions before 5.15.168, 6.1.113, 6.6.57, and 6.11.4 (NVD).

The vulnerability stems from a redundant call to pci_disable_device() in the processor thermal driver. The driver uses pcim_device_enable() to enable a PCI device, which automatically handles device disabling on driver detach. The unnecessary additional call to pci_disable_device() triggers a warning during module unload, exposing an issue with PCI device resource management (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause system warnings and potential instability during module unload operations. When triggered, it results in a warning message indicating an attempt to disable an already-disabled device, which could lead to system instability or denial of service conditions (NVD).

The issue has been fixed through patches that remove the redundant pci_disable_device() calls in the affected driver code. Updates have been released for various Linux distributions, including Ubuntu 24.10 (oracular), 22.04 LTS, and 20.04 LTS (Ubuntu). Users should update their systems to the patched kernel versions to resolve this vulnerability.