CVE-2024-50189: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50189 affects the Linux kernel's AMD Sensor Fusion Hub (SFH) HID driver. The vulnerability was discovered in the memory management of the driver, specifically related to the cleanup handling in the probe() error path. The issue affects Linux kernel versions from 5.11 up to versions before 5.15.168, 6.1.113, 6.6.57, and 6.11.4 (NVD).

The vulnerability stems from improper memory management in the AMD SFH HID driver. The issue involves the use of dmaalloccoherent() instead of its device-managed counterpart dmamalloccoherent(). This implementation could lead to memory errors, page faults, btrfs going read-only, and btrfs disk corruption. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in several serious system issues including memory errors, page faults, the btrfs filesystem becoming read-only, and potential btrfs disk corruption. These impacts primarily affect system availability and stability (Kernel Patch).

The vulnerability has been fixed by switching to device-managed dmamalloccoherent() which ensures proper cleanup in the probe() error path. The fix has been implemented in various kernel versions including 5.15.0-127.137 for Ubuntu 22.04 LTS and other distributions. Users are advised to update their kernel to the patched versions (Ubuntu Security).