
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-50275 affects the Linux kernel's ARM64 SVE (Scalable Vector Extension) trap handling. The vulnerability was discovered in late 2024 and involves incorrect handling of the saved FPSIMD/SVE state when the trap handler is preempted, creating a race condition with preemption. It affects Linux kernel versions from 5.13 up to (but not including) 6.6.61, and from 6.7 up to (but not including) 6.11.8 (NVD).
The vulnerability stems from a race in the SVE trap handler in which a task can end up with TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU register state is stale. The race occurs when the SVE trap handler is preempted both before and after it manipulates the saved FPSIMD/SVE state, with the task starting and ending on the same CPU. The result is warnings from do_sve_acc(), since SVE traps are not expected while TIF_SVE is set. The CVSS v3.1 base score is 7.0 (High) with vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
When triggered, the vulnerability can cause stale CPU state to be reused with SVE traps enabled, TIF_FOREIGN_FPSTATE to be incorrectly cleared, and the hardware state restore to be skipped on return to userspace. This can potentially result in unauthorized access to CPU state information and system instability (Kernel Patch).
The issue has been fixed by adding a call to fpsimd_flush_task_state() to detach from the saved CPU state when the state is not live and TIF_FOREIGN_FPSTATE is set. This ensures that subsequent context switches will not reuse stale CPU state and will properly set TIF_FOREIGN_FPSTATE, forcing new state to be reloaded from memory before returning to userspace. The fix is available in kernel version 6.6.61 and later (Red Hat Advisory).
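As an added exposure check (example code written for this entry, not part of the advisory or the kernel), the script below parses a `uname -r` style release string, compares it against the affected ranges stated above, and inspects a /proc/cpuinfo Features line for the `sve` flag, since only arm64 hardware with SVE can reach this trap handler. It assumes the upstream version numbering; a distribution kernel may carry a backported fix under an older version number, so a positive result is a prompt to consult the vendor advisory rather than a confirmed exposure.

```python
import re
from typing import Optional, Tuple

# Affected upstream ranges as stated in the advisory text (NVD):
# [5.13, 6.6.61) and [6.7, 6.11.8). Each entry is (first affected, first fixed).
AFFECTED_RANGES = (
    ((5, 13, 0), (6, 6, 61)),
    ((6, 7, 0), (6, 11, 8)),
)


def parse_kernel_version(release: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a release string such as
    '6.6.60-generic' or '6.11.7-200.fc40.aarch64'.  A missing patch level
    is treated as 0.  Returns None if no version prefix is found."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def is_affected_upstream(release: str) -> bool:
    """True if the upstream version number lies inside an affected range.
    Backported distro fixes are NOT detected by a version comparison."""
    v = parse_kernel_version(release)
    if v is None:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    # Tuple comparison gives correct lexicographic major/minor/patch ordering.
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def cpu_has_sve(cpuinfo_text: str) -> bool:
    """Look for the 'sve' feature flag in arm64 /proc/cpuinfo 'Features' lines.
    Assumption: the kernel reports SVE-capable cores with the flag 'sve'."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("Features"):
            flags = line.split(":", 1)[1].split()
            if "sve" in flags:
                return True
    return False


if __name__ == "__main__":
    import platform
    rel, arch = platform.release(), platform.machine()
    print(f"{rel} ({arch}): in affected upstream range = {is_affected_upstream(rel)}")
    if arch in ("aarch64", "arm64"):
        with open("/proc/cpuinfo") as f:
            print(f"CPU reports SVE: {cpu_has_sve(f.read())}")
    else:
        print("note: the bug is in arm64 SVE handling; this architecture is not exposed")
```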
Source: This report was generated using AI