CVE-2024-50184: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50184 is a vulnerability in the Linux kernel's virtio_pmem driver discovered in 2024. The issue affects the virtio_pmem flush operation, where if a pmem device is in a bad status, the driver side could wait indefinitely for host acknowledgment in virtio_pmem_flush(), potentially causing the system to hang (NVD). The vulnerability affects multiple Linux kernel versions from 5.3 through 6.1.113.

The vulnerability stems from improper handling of device status checks in the virtio_pmem driver. The issue is classified as CWE-754 (Improper Check for Unusual or Exceptional Conditions). It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access required and potential for high availability impact (NVD).

When exploited, this vulnerability can cause a system hang due to the driver waiting indefinitely for host acknowledgment during the flush operation. This primarily affects system availability, as the system becomes unresponsive when the virtio_pmem device enters a bad state (NVD).

The vulnerability has been patched by adding a status check at the beginning of virtio_pmem_flush() to return early if the device is not activated. The fix has been implemented across multiple Linux kernel versions. Various distributions have released updated kernel packages to address this issue (Kernel Patch).