CVE-2024-50295: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50295 affects the Linux kernel's ARC Ethernet MAC driver. The vulnerability was discovered and disclosed in November 2024, specifically related to incorrect device handling in DMA mapping operations. The issue occurs when ndev->dev and pdev->dev are incorrectly used interchangeably, while they represent different devices (Kernel Commit).

The vulnerability stems from incorrect device pointer usage in the ARC Ethernet MAC driver's DMA mapping operations. The driver was using ndev->dev instead of ndev->dev.parent for DMA operations, where ndev->dev.parent has the proper dma_mask and is actually the platform device (pdev->dev). This incorrect usage could trigger kernel warnings and potential DMA mapping failures (Kernel Commit).

When exploited, this vulnerability can cause kernel warnings and DMA mapping failures, potentially leading to system instability. The issue manifests with kernel warnings such as 'WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8' (Ubuntu Security).

The issue has been fixed in various Linux kernel versions through patches that correct the device pointer usage. Ubuntu has released fixes for multiple kernel versions including 6.11.0-18.18 for 24.10 and 5.15.0-133.144 for 22.04 LTS. Users should update their systems to the patched versions (Ubuntu Security).