CVE-2024-50101: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50101 is a vulnerability in the Linux kernel's IOMMU/VT-d subsystem, discovered and disclosed in November 2024. The issue affects multiple versions of the Linux kernel, including versions from 5.15.142 up to 6.11.5. The vulnerability stems from an incorrect implementation in the domaincontextclear() function that improperly handles non-PCI devices (NVD).

The vulnerability occurs when the domaincontextclear() function incorrectly calls pciforeachdmaalias() to set up context entries for non-PCI devices. This implementation error affects the IOMMU/VT-d subsystem's handling of device contexts. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to kernel hangs or other unexpected behavior when processing non-PCI devices through the IOMMU/VT-d subsystem. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (Kernel Patch).

The vulnerability has been patched by adding a check to only call pciforeachdmaalias() for PCI devices, while non-PCI devices are now handled by directly calling domaincontextclear_one(). The fix has been implemented across multiple kernel versions through various patches (Kernel Patch).