CVE-2024-50141

Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)

Published: Nov 7, 2024 / Updated: 12d ago

CVSS 5.5 (Medium) / EPSS 0.05%

Summary

A vulnerability has been identified in the Linux kernel related to the Advanced Configuration and Power Interface (ACPI) Platform Runtime Mechanism (PRM). The issue stems from the PRMT (Platform Runtime Mechanism Table) incorrectly finding a block of type EFI_CONVENTIONAL_MEMORY instead of EFI_MEMORY_RUNTIME for the PRM handler and context. This inappropriate memory type selection causes an exception when the PRM handler, which is a type of runtime service, is called.

Impact

The primary impact of this vulnerability is on system availability. When exploited, it can lead to a paging request error in EFI runtime service, potentially causing system crashes or failures during error handling. This could result in denial of service, affecting system stability and uptime. The CVSS base score of 5.5 (Medium severity) with High availability impact underscores the potential for significant operational disruption.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. The issue has been resolved by modifying the PRMT to find a block with EFI_MEMORY_RUNTIME for the PRM handler and PRM context. This ensures that the PRM handler and context are properly mapped in the virtual address space during runtime, preventing the paging request error. The fix has been implemented, and affected systems should be updated with the patched version of the Linux kernel.
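The lookup described above, as an added example: a simplified user-space model of a PA-to-VA translation over an EFI-style memory map, not the kernel's own code. The struct, function name, `require_runtime` switch and sample map are constructed for illustration; the numeric constants are the UEFI-defined values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Memory type and attribute values as defined by the UEFI specification. */
#define EFI_RUNTIME_SERVICES_CODE 5u
#define EFI_CONVENTIONAL_MEMORY   7u
#define EFI_MEMORY_RUNTIME        0x8000000000000000ULL
#define EFI_PAGE_SIZE             4096ULL

/* Simplified stand-in for an EFI memory descriptor (hypothetical struct). */
struct mem_desc {
    uint32_t type;
    uint64_t phys_addr, virt_addr, num_pages, attribute;
};

/* Constructed sample map: only the second region has a runtime mapping. */
static const struct mem_desc sample_map[] = {
    { EFI_CONVENTIONAL_MEMORY,   0x80000000ULL, 0, 0x100, 0 },
    { EFI_RUNTIME_SERVICES_CODE, 0x90000000ULL, 0xffff800010000000ULL, 0x10,
      EFI_MEMORY_RUNTIME },
};
#define SAMPLE_MAP_LEN (sizeof(sample_map) / sizeof(sample_map[0]))

/*
 * Translate pa to a runtime virtual address. With require_runtime == 0 any
 * covering descriptor is accepted (the flawed behaviour); with 1, descriptors
 * lacking EFI_MEMORY_RUNTIME are skipped. Returns 0 when nothing matches, so
 * the caller can refuse to use the handler instead of calling a bad address.
 */
static uint64_t pa_va_lookup(const struct mem_desc *map, size_t n,
                             uint64_t pa, int require_runtime)
{
    for (size_t i = 0; i < n; i++) {
        const struct mem_desc *md = &map[i];
        uint64_t end = md->phys_addr + md->num_pages * EFI_PAGE_SIZE;

        if (require_runtime && !(md->attribute & EFI_MEMORY_RUNTIME))
            continue;
        if (pa >= md->phys_addr && pa < end)
            return md->virt_addr + (pa - md->phys_addr);
    }
    return 0;
}

int main(void)
{
    uint64_t pa = 0x80001234ULL; /* constructed address in conventional memory */
    printf("any block:     %#llx\n", (unsigned long long)pa_va_lookup(sample_map, SAMPLE_MAP_LEN, pa, 0));
    printf("runtime block: %#llx\n", (unsigned long long)pa_va_lookup(sample_map, SAMPLE_MAP_LEN, pa, 1));
    return 0;
}
```

Without the attribute check, the address in conventional memory translates to a value that was never mapped for runtime use; with the check, the lookup fails closed and an address inside the runtime region still translates correctly.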

Mitigation

While waiting for the patch to be applied, the following mitigation steps are recommended:

1. Monitor systems for any signs of instability or crashes related to EFI runtime services.
2. If possible, limit the use of PRM handlers or functions that might trigger this vulnerability.
3. Keep systems and firmware up to date with the latest security patches.
4. Implement proper access controls to limit local access, as the vulnerability requires local access to exploit.
5. Consider implementing additional system monitoring to detect and respond to potential exploitation attempts.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-50141
Nov 7, 2024 at 10:15 AM

First Article
Feedly found the first article mentioning CVE-2024-50141.
Nov 7, 2024 at 10:21 AM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Nov 7, 2024 at 10:21 AM

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.7%)
Nov 8, 2024 at 10:19 AM

Vendor Advisory
RedHat CVE advisory released a security advisory (CVE-2024-50141).
Nov 14, 2024 at 9:10 AM

CVSS
A CVSS base score of 5.5 has been assigned.
Nov 14, 2024 at 9:10 AM / redhat-cve-advisories

Affected Systems

Linux/kernel

Patches

bugzilla.redhat.com

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

CVE-2024-50141
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context Let PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM

News

CVE-2024-50141
In the Linux kernel, the following vulnerability has been resolved:

ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context

PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services.

[Firmware Bug]: Unable to handle paging request in EFI runtime service
WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0x11c/0x170
Call trace:

Let PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM context.
CVE-2024-50141
In the Linux kernel, the following vulnerability has been resolved:

ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context

PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services.

The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1]. Since the PRM handler is a type of runtime service, this causes an exception when the PRM handler is called.

[Firmware Bug]: Unable to handle paging request in EFI runtime service
WARNING: CPU: 22 PID:

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
