CVE-2024-50155: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50155 affects the Linux kernel's netdevsim module, specifically in the nsimdevtrapreportwork() function. The vulnerability was discovered when syzbot reports indicated that the function could be manipulated with hundreds of ports, leading to potential system hangs. The issue affects multiple Linux kernel versions including 6.1.78 through 6.1.115, 6.6.17 through 6.6.59, 6.7.5, and versions from 6.8 up to 6.11.6, as well as specific release candidates of version 6.12 (NVD).

The vulnerability stems from insufficient scheduling in the nsimdevtrapreportwork() function within the netdevsim driver. The issue manifests when the function processes multiple ports without yielding control, potentially causing task blocking for extended periods. The CVSS v3.1 base score is 7.8 (High), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability can cause system tasks to become blocked for extended periods, potentially leading to system hangs. In one documented instance, a task was blocked for more than 143 seconds, demonstrating the severity of the denial of service condition (Kernel Patch).

The issue has been fixed by implementing condresched() in the nsimdevtrapreportwork() function and switching to systemunboundwq instead of the implicit systemwq. The fix has been backported to multiple kernel versions through various stable releases (Kernel Patch).