CVE-2024-50249

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: A vulnerability in the Linux kernel has been resolved by updating the rmw lock to a raw spinlock. The issue was triggered by a BUG that caused an invalid wait context, resulting in a kernel crash. The vulnerability is related to the ACPI CPPC (Collaborative Processor Performance Control) and the locking mechanism used by the sugov update shared function. The function locks a raw spinlock while the cpc write function locks a spinlock, causing a wait-type order issue. To resolve this issue, the rmw lock is updated to a raw spinlock, ensuring that interrupts are disabled on the CPU holding it.

Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the cpc write function until a patch is available. Restrict access to the sugov update shared function to minimize the risk of exploitation. Avoid using the rmw lock variable in the affected kernel code until the issue is resolved.