CVE-2024-50184

CVE-2024-50184 is a medium-severity vulnerability in Linux Linux Kernel with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.

Key facts

Description

In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status check in the beginning of virtio_pmem_flush() to return early if the device is not activated.

Frequently asked questions

What is CVE-2024-50184?
In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status check in the beginning of virtio_pmem_flush() to return early if the device is not activated.
How severe is CVE-2024-50184?
CVE-2024-50184 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2024-50184 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (13th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-50184?
CVE-2024-50184 affects Linux Linux Kernel. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2024-50184?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-50184 have an EU (EUVD) identifier?
Yes. CVE-2024-50184 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-45152.
When was CVE-2024-50184 published?
CVE-2024-50184 was published on 2024-11-08 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Linux Linux Kernel

All CVEs affecting Linux Linux Kernel →

Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities

Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →