CVE-2024-50234: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50234 affects the Linux kernel's iwlegacy WiFi driver, specifically the iwl4965 device functionality during system resume from hibernation. The vulnerability was discovered and reported by Ville Syrjälä, with the issue being identified in October 2024 (Kernel Patch).

The vulnerability stems from a race condition in the iwlegacy driver where stale interrupts are not properly cleared before interrupts are re-enabled during system resume. This creates a race between the resume process attempting to bring the system back up and the restart work (queued from the interrupt handler) trying to shut things down. The issue affects multiple Linux kernel versions, including versions up to 4.19.323, 5.4.285, 5.10.229, 5.15.171, and others (NVD). The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

When exploited, the vulnerability can cause a system crash during resume from hibernation, leading to a denial of service condition. The issue manifests as a hardware unavailability error upon resume, which could be attributed to either a software issue prior to suspend or a hardware issue (Kernel Patch).

The issue has been fixed by adding code to clear any stale interrupts before interrupts get enabled during resume. The fix involves writing to CSRINT and CSRFHINTSTATUS registers to clear pending interrupts. The patch has been merged into various stable kernel branches (Kernel Patch).