CVE-2024-50245: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50245 is a vulnerability in the Linux kernel's NTFS3 filesystem implementation that was discovered and disclosed on November 9, 2024. The vulnerability specifically affects the mutex lock handling in the fs/ntfs3 filesystem code, where a possible deadlock condition exists in the miread function when used with another subclass in nilock_dir() (NVD).

The vulnerability is characterized by a potential deadlock condition in the Linux kernel's NTFS3 filesystem implementation. It has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD). The technical fix involved changing the mutex lock call from nilock(ni) to nilockdir(ni) in the ntfslookup function (Kernel Patch).

The vulnerability affects the availability of systems using the NTFS3 filesystem implementation in the Linux kernel. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there is a high impact on availability due to the potential deadlock condition (NVD).

The vulnerability has been patched in multiple Linux kernel versions. The fix has been backported to various stable kernel branches including versions up to 5.15.171, 6.1.116, 6.6.60, and 6.11.7. Users should update their Linux kernel to the latest patched version (Debian Tracker).