CVE-2024-50280

HIGH EPSS 15.5%
Published Nov 19, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Nov 19, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
15.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 16

VendorProductVersionRange
linuxlinux_kernel*≥4.9.337  –  <4.10
linuxlinux_kernel*≥4.14.303  –  <4.15
linuxlinux_kernel*≥4.19.270  –  <4.20
linuxlinux_kernel*≥5.4.229  –  <5.5
linuxlinux_kernel*≥5.10.163  –  <5.11
linuxlinux_kernel*≥5.15.87  –  <5.16
linuxlinux_kernel*≥6.0.18  –  <6.1
linuxlinux_kernel*≥6.1.4  –  <6.1.117
linuxlinux_kernel*≥6.2  –  <6.6.61
linuxlinux_kernel*≥6.7  –  <6.11.8
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40fac0271c7aedf60d81ed8214e80851e5b26312
  • git.kernel.org https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d154b333a5667b6c1b213a11a41ad7aaccd10c3d
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718
    Patch