{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50184", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T19:36:19.966Z", "datePublished": "2024-11-08T05:38:25.258Z", "dateUpdated": "2024-12-19T09:35:00.084Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:35:00.084Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: Check device status before requesting flush\n\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\n\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvdimm/nd_virtio.c"], "versions": [{"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "59ac565c6277d4be6661e81ea6a7f3ca2c5e4e36", "status": "affected", "versionType": "git"}, {"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "4ce662fe4be6fbc2595d9ef4888b2b6e778c99ed", "status": "affected", "versionType": "git"}, {"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "9a2bc9b6f929a2ce1ebe4d1a796ddab37568c5b4", "status": "affected", "versionType": "git"}, {"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "6a5ca0ab94e13a1474bf7ad8437a975c2193618f", "status": "affected", "versionType": "git"}, {"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "b01793cc63dd39c8f12b9a3d8dc115fbebb19e2a", "status": "affected", "versionType": "git"}, {"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "ce7a3a62cc533c922072f328fd2ea2fd7cb893d4", "status": "affected", "versionType": "git"}, {"version": "6e84200c0a2994b991259d19450eee561029bf70", "lessThan": "e25fbcd97cf52c3c9824d44b5c56c19673c3dd50", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvdimm/nd_virtio.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.57", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.4", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/59ac565c6277d4be6661e81ea6a7f3ca2c5e4e36"}, {"url": "https://git.kernel.org/stable/c/4ce662fe4be6fbc2595d9ef4888b2b6e778c99ed"}, {"url": "https://git.kernel.org/stable/c/9a2bc9b6f929a2ce1ebe4d1a796ddab37568c5b4"}, {"url": "https://git.kernel.org/stable/c/6a5ca0ab94e13a1474bf7ad8437a975c2193618f"}, {"url": "https://git.kernel.org/stable/c/b01793cc63dd39c8f12b9a3d8dc115fbebb19e2a"}, {"url": "https://git.kernel.org/stable/c/ce7a3a62cc533c922072f328fd2ea2fd7cb893d4"}, {"url": "https://git.kernel.org/stable/c/e25fbcd97cf52c3c9824d44b5c56c19673c3dd50"}], "title": "virtio_pmem: Check device status before requesting flush", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B9DFA1E-13AA-4825-AB77-27381BDF4E28", "versionEndExcluding": "5.4.285", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0", "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1", "versionEndExcluding": "6.6.57", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34", "versionEndExcluding": "6.11.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: Check device status before requesting flush\n\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\n\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio_pmem: comprobar el estado del dispositivo antes de solicitar la descarga. Si un dispositivo pmem est\u00e1 en mal estado, el lado del controlador podr\u00eda esperar el commit del host para siempre en virtio_pmem_flush(), lo que provocar\u00eda que el sistema se cuelgue. Por lo tanto, agregue una comprobaci\u00f3n de estado al comienzo de virtio_pmem_flush() para que vuelva antes si el dispositivo no est\u00e1 activado."}], "id": "CVE-2024-50184", "lastModified": "2024-12-09T23:19:00.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-08T06:15:15.580", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ce662fe4be6fbc2595d9ef4888b2b6e778c99ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/59ac565c6277d4be6661e81ea6a7f3ca2c5e4e36"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6a5ca0ab94e13a1474bf7ad8437a975c2193618f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9a2bc9b6f929a2ce1ebe4d1a796ddab37568c5b4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b01793cc63dd39c8f12b9a3d8dc115fbebb19e2a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ce7a3a62cc533c922072f328fd2ea2fd7cb893d4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e25fbcd97cf52c3c9824d44b5c56c19673c3dd50"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: virtio_pmem: Check device status before requesting flush", "id": "2324557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324557"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-754", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvirtio_pmem: Check device status before requesting flush\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated."], "name": "CVE-2024-50184", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50184\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50184\nhttps://lore.kernel.org/linux-cve-announce/2024110834-CVE-2024-50184-00c9@gregkh/T"], "threat_severity": "Moderate"}