PT-2024-33966 · Linux+5 · Linux Kernel+5

Published

2024-10-15

·

Updated

2026-05-26

·

CVE-2024-50135

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61
Description: A race condition exists between reset and nvme dev disable() in the Linux kernel. The nvme dev disable() function modifies the dev->online queues field, and nvme pci update nr queues() should avoid racing against it to prevent passing invalid values to blk mq update nr hw queues(). This issue can cause errors, including a warning message indicating a CPU issue and a call trace involving various kernel functions.
Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider applying a patch that locks the shutdown lock mutex before using dev->online queues to prevent the race condition. Give up if nvme dev disable() is running or if it has been executed already.

Exploit

Fix

Race Condition

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-15245
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-52396
AZL-52408
BDU:2025-13909
CVE-2024-50135
ECHO-AF05-5B56-74B4
MGASA-2024-0368
MGASA-2024-0369
OESA-2024-2518
OESA-2024-2519
OESA-2024-2521
OESA-2024-2522
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4367-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu