CVE-2024-50032 (GCVE-0-2024-50032)

Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-06-18 13:37

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.


{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-06-18T13:37:31.817Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50032",
    "datePublished": "2024-10-21T19:39:34.435Z",
    "dateRejected": "2025-06-18T13:37:31.817Z",
    "dateReserved": "2024-10-21T12:17:06.069Z",
    "dateUpdated": "2025-06-18T13:37:31.817Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.6.54\", \"versionEndExcluding\": \"6.6.57\", \"matchCriteriaId\": \"28067F77-C1B2-4A04-BA6B-2C4955E8853E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.10.13\", \"versionEndExcluding\": \"6.11\", \"matchCriteriaId\": \"B88D322F-6F03-45A1-8C58-9E45EAB64B13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.11.2\", \"versionEndExcluding\": \"6.11.4\", \"matchCriteriaId\": \"72A93F71-1302-40DD-847E-3C6D29220EAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1.113:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81EA2611-0623-46DE-8378-F900B6B1EC79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F361E1D-580F-4A2D-A509-7615F73167A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nrcu/nocb: Fix rcuog wake-up from offline softirq\\n\\nAfter a CPU has set itself offline and before it eventually calls\\nrcutree_report_cpu_dead(), there are still opportunities for callbacks\\nto be enqueued, for example from a softirq. When that happens on NOCB,\\nthe rcuog wake-up is deferred through an IPI to an online CPU in order\\nnot to call into the scheduler and risk arming the RT-bandwidth after\\nhrtimers have been migrated out and disabled.\\n\\nBut performing a synchronized IPI from a softirq is buggy as reported in\\nthe following scenario:\\n\\n        WARNING: CPU: 1 PID: 26 at kernel/smp.c:633 smp_call_function_single\\n        Modules linked in: rcutorture torture\\n        CPU: 1 UID: 0 PID: 26 Comm: migration/1 Not tainted 6.11.0-rc1-00012-g9139f93209d1 #1\\n        Stopper: multi_cpu_stop+0x0/0x320 \u003c- __stop_cpus+0xd0/0x120\\n        RIP: 0010:smp_call_function_single\\n        \u003cIRQ\u003e\\n        swake_up_one_online\\n        __call_rcu_nocb_wake\\n        __call_rcu_common\\n        ? rcu_torture_one_read\\n        call_timer_fn\\n        __run_timers\\n        run_timer_softirq\\n        handle_softirqs\\n        irq_exit_rcu\\n        ? tick_handle_periodic\\n        sysvec_apic_timer_interrupt\\n        \u003c/IRQ\u003e\\n\\nFix this with forcing deferred rcuog wake up through the NOCB timer when\\nthe CPU is offline. The actual wake up will happen from\\nrcutree_report_cpu_dead().\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu/nocb: Se ha corregido la activaci\\u00f3n de rcuog desde un softirq sin conexi\\u00f3n. Despu\\u00e9s de que una CPU se haya desconectado y antes de que finalmente llame a rcutree_report_cpu_dead(), a\\u00fan hay oportunidades para que se pongan en cola devoluciones de llamadas, por ejemplo, desde un softirq. 
Cuando eso sucede en NOCB, la activaci\\u00f3n de rcuog se pospone a trav\\u00e9s de una IPI a una CPU en l\\u00ednea para no llamar al programador y correr el riesgo de armar el ancho de banda RT despu\\u00e9s de que los temporizadores hr se hayan migrado y deshabilitado. Pero realizar una IPI sincronizada desde un softirq tiene errores, como se informa en el siguiente escenario: ADVERTENCIA: CPU: 1 PID: 26 en kernel/smp.c:633 smp_call_function_single M\\u00f3dulos vinculados en: rcutorture torture CPU: 1 UID: 0 PID: 26 Comm: immigration/1 No contaminado 6.11.0-rc1-00012-g9139f93209d1 #1 Detenedor: multi_cpu_stop+0x0/0x320 \u0026lt;- __stop_cpus+0xd0/0x120 RIP: 0010:smp_call_function_single  swake_up_one_online __call_rcu_nocb_wake __call_rcu_common ? rcu_torture_one_read call_timer_fn __run_timers run_timer_softirq handle_softirqs irq_exit_rcu ? tick_handle_periodic sysvec_apic_timer_interrupt  Solucione esto forzando la activaci\\u00f3n diferida de rcuog a trav\\u00e9s del temporizador NOCB cuando la CPU est\\u00e9 fuera de l\\u00ednea. La activaci\\u00f3n real se realizar\\u00e1 desde rcutree_report_cpu_dead().\"}]",
      "id": "CVE-2024-50032",
      "lastModified": "2024-10-25T15:34:22.353",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-10-21T20:15:16.417",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/84a5feebba10354c683983f5f1372a144225e4c2\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e66b1e01f2eb3209d08122572f41f7838b79540d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f7345ccc62a4b880cf76458db5f320725f28e400\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50032\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T20:15:16.417\",\"lastModified\":\"2025-06-18T14:15:25.247\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-06-18T13:37:31.817Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-50032\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"state\": \"REJECTED\", \"assignerShortName\": \"Linux\", \"dateReserved\": \"2024-10-21T12:17:06.069Z\", \"datePublished\": \"2024-10-21T19:39:34.435Z\", \"dateUpdated\": \"2025-06-18T13:37:31.817Z\", \"dateRejected\": \"2025-06-18T13:37:31.817Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

