CVE-2024-50091

Summary

In the Linux kernel, the following vulnerability has been resolved:

dm vdo: don't refer to dedupe_context after releasing it

Clear the dedupe_context pointer in a data_vio whenever ownership of the context is lost, so that vdo can't examine it accidentally.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcfaf07fae7a262865a67b6010eef3bc0a1ae50b2 < 63ef073084c67878d7a92e15ad055172da3f05a3affected
LinuxLinuxcfaf07fae7a262865a67b6010eef3bc0a1ae50b2 < 0808ebf2f80b962e75741a41ced372a7116f1e26affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.11.4 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References