CVE-2024-50280

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff	Patch
https://git.kernel.org/stable/c/40fac0271c7aedf60d81ed8214e80851e5b26312
https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e	Patch
https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c	Patch
https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718	Patch
https://git.kernel.org/stable/c/d154b333a5667b6c1b213a11a41ad7aaccd10c3d

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::

History

02 May 2025, 07:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/40fac0271c7aedf60d81ed8214e80851e5b26312 - () https://git.kernel.org/stable/c/d154b333a5667b6c1b213a11a41ad7aaccd10c3d -

24 Mar 2025, 17:22

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
References	~~() https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff -~~	() https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff - Patch
References	~~() https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e -~~	() https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e - Patch
References	~~() https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c -~~	() https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c - Patch
References	~~() https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718 -~~	() https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718 - Patch

11 Dec 2024, 15:15

Type	Values Removed	Values Added
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

19 Nov 2024, 21:57

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm cache: fix flushing uninitialized delayed_work on cache_ctr error Se puede producir un WARN_ON inesperado de flush_work() cuando falla la creación de caché, causado por la destrucción del activador delayed_work no inicializado en la ruta de error de cache_create(). Por ejemplo, la advertencia aparece en el error de suma de comprobación del superbloque. Reproducir los pasos: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Registros del kernel: (fragmento) ADVERTENCIA: CPU: 0 PID: 84 en kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Se soluciona extrayendo cancel_delayed_work_sync() de la ruta de error del constructor. Este parche no afecta la corrección de use-after-free para dm_resume y dm_destroy simultáneos (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) ya que cache_dtr no se modifica.

19 Nov 2024, 02:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 02:16

Updated : 2025-05-02 07:15

NVD link : CVE-2024-50280

Mitre link : CVE-2024-50280

CVE.ORG link : CVE-2024-50280

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10