CVE-2024-50141

CVE Details

Release Date: 2024-11-07

Description


In the Linux kernel, the following vulnerability has been resolved:

ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context

PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services.

The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1]. Since the PRM handler is a type of runtime service, this causes an exception when the PRM handler is called.

    [Firmware Bug]: Unable to handle paging request in EFI runtime service
    WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341
    __efi_queue_work+0x11c/0x170
    Call trace:

Let PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM context.

If no suitable block is found, a warning message will be printed, but the procedure continues to manage the next PRM handler. However, if the PRM handler is actually called without proper allocation, it would result in a failure during error handling.

By using the correct memory types for runtime services, ensure that the PRM handler and the context are properly mapped in the virtual address space during runtime, preventing the paging request error.

The issue is really that only memory that has been remapped for runtime by the firmware can be used by the PRM handler, and so the region needs to have the EFI_MEMORY_RUNTIME attribute.

[ rjw: Subject and changelog edits ]

See more information about CVE-2024-50141 from MITRE CVE dictionary and NIST NVD


NOTE: The CVSS metrics and score provided below are preliminary and subject to review.


CVSS v3 metrics

Base Score: 5.5
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Errata information


Platform                             Errata            Release Date
Oracle Linux version 8 (kernel-uek)  ELSA-2024-12887   2024-12-18
Oracle Linux version 9 (kernel-uek)  ELSA-2024-12887   2024-12-18


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
