CVE-2024-50107: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50107 affects the Linux kernel's platform/x86/intel/pmc component. The vulnerability was discovered when commit 50c6dbdfd16e introduced a WARN condition for invalid iounmap address ranges. On Thinkpad P1 Gen 7 (Meteor Lake-P) systems, this resulted in warning messages during boot due to unconditional iounmap calls with invalid addresses (Kernel Patch).

The vulnerability stems from the pmccoreiounmap function calling iounmap unconditionally without validating the address. The nofreeptr(tmpssram) sets tmpssram to NULL while assigning ssram, but pmccoreiounmap still attempts to call iounmap on the NULL pointer. The issue has a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause system warnings and potential instability during boot on affected systems, particularly on Thinkpad P1 Gen 7 laptops with Meteor Lake-P processors. While it primarily affects system stability, it does not appear to have direct security implications beyond potential denial of service (NVD).

The issue has been fixed by adding proper address validation before calling iounmap. The fix involves modifying the DEFINE_FREE macro to check for valid addresses before calling iounmap, and adding proper error handling (-ENOMEM) when ioremap fails. The patch has been merged into the Linux kernel (Kernel Patch).