CVE-2024-50093

MEDIUM · CVSS 3.1: 5.5 · EPSS 14.4%
Published Nov 5, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

thermal: intel: int340x: processor: Fix warning during module unload

The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is no need to call pci_disable_device() again on it.

With recent PCI device resource management improvements, e.g. commit f748a07a0b64 ("PCI: Remove legacy pcim_release()"), this problem is exposed and triggers the warning below.

    [ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device
    [ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100
    ...
    [ 224.010844] Call Trace:
    [ 224.010845] <TASK>
    [ 224.010847] ? show_regs+0x6d/0x80
    [ 224.010851] ? __warn+0x8c/0x140
    [ 224.010854] ? pci_disable_device+0xe5/0x100
    [ 224.010856] ? report_bug+0x1c9/0x1e0
    [ 224.010859] ? handle_bug+0x46/0x80
    [ 224.010862] ? exc_invalid_op+0x1d/0x80
    [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30
    [ 224.010867] ? pci_disable_device+0xe5/0x100
    [ 224.010869] ? pci_disable_device+0xe5/0x100
    [ 224.010871] ? kfree+0x21a/0x2b0
    [ 224.010873] pcim_disable_device+0x20/0x30
    [ 224.010875] devm_action_release+0x16/0x20
    [ 224.010878] release_nodes+0x47/0xc0
    [ 224.010880] devres_release_all+0x9f/0xe0
    [ 224.010883] device_unbind_cleanup+0x12/0x80
    [ 224.010885] device_release_driver_internal+0x1ca/0x210
    [ 224.010887] driver_detach+0x4e/0xa0
    [ 224.010889] bus_remove_driver+0x6f/0xf0
    [ 224.010890] driver_unregister+0x35/0x60
    [ 224.010892] pci_unregister_driver+0x44/0x90
    [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci]
    ...
    [ 224.010921] ---[ end trace 0000000000000000 ]---

Remove the excess pci_disable_device() calls.

[ rjw: Subject and changelog edits ]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.14 – <5.15.168
linux    linux_kernel   *         ≥5.16 – <6.1.113
linux    linux_kernel   *         ≥6.2 – <6.6.57
linux    linux_kernel   *         ≥6.7 – <6.11.4
linux    linux_kernel   6.12      any
linux    linux_kernel   6.12      any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/434525a864136c928b54fd2512b4c0167c207463
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8403021b6f32d68a7e3a6b8428ecaf5c153a9974
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99ca0b57e49fb73624eede1c4396d9e3d10ccf14
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4ab78f4adeaf6c98be5d375518dd4fb666eac5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd64ea03375618684477f946be4f5e253f8676c2
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/434525a864136c928b54fd2512b4c0167c207463
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8403021b6f32d68a7e3a6b8428ecaf5c153a9974
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99ca0b57e49fb73624eede1c4396d9e3d10ccf14
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4ab78f4adeaf6c98be5d375518dd4fb666eac5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd64ea03375618684477f946be4f5e253f8676c2
    Patch