CVE-2024-50280
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix flushing uninitialized delayed_work on cache_ctr error
An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error.
Reproduce steps:
dmsetup create cmeta –table "0 8192 linear /dev/sdc 0"
dmsetup create cdata –table "0 65536 linear /dev/sdc 8192"
dmsetup create corig –table "0 524288 linear /dev/sdc 262144"
dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct
dmsetup create cache –table "0 524288 cache /dev/mapper/cmeta
/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"
Kernel logs:
(snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890
Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2b17026685a270b2beaf1cdd9857fcedd3505c7e < 40fac0271c7aedf60d81ed8214e80851e5b26312 | affected |
| Linux | Linux | d2a0b298ebf83ab6236f66788a3541e91ce75a70 < d154b333a5667b6c1b213a11a41ad7aaccd10c3d | affected |
| Linux | Linux | 6a3e412c2ab131c54945327a7676b006f000a209 < 5a754d3c771280f2d06bf8ab716d6a0d36ca256e | affected |
| Linux | Linux | 6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa < 8cc12dab635333c4ea28e72d7b947be7d0543c2c | affected |
| Linux | Linux | 6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa < aee3ecda73ce13af7c3e556383342b57e6bd0718 | affected |
| Linux | Linux | 6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa < 135496c208ba26fd68cdef10b64ed7a91ac9a7ff | affected |
| Linux | Linux | 034cbc8d3b47a56acd89453c29632a9c117de09d | affected |
| Linux | Linux | 993406104d2b28fe470126a062ad37a1e21e792e | affected |
| Linux | Linux | 4d20032dd90664de09f2902a7ea49ae2f7771746 | affected |
| Linux | Linux | 2f097dfac7579fd84ff98eb1d3acd41d53a485f3 | affected |
| Linux | Linux | 6ac4f36910764cb510bafc4c3768544f86ca48ca | affected |
| Linux | Linux | 5.10.163 < 5.10.237 | affected |
| Linux | Linux | 5.15.87 < 5.15.181 | affected |
| Linux | Linux | 6.1.4 < 6.1.117 | affected |
| Linux | Linux | 4.9.337 < 4.10 | affected |
| Linux | Linux | 4.14.303 < 4.15 | affected |
| Linux | Linux | 4.19.270 < 4.20 | affected |
| Linux | Linux | 5.4.229 < 5.5 | affected |
| Linux | Linux | 6.0.18 < 6.1 | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 5.10.237 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.181 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.117 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.61 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.8 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
References
- https://git.kernel.org/stable/c/40fac0271c7aedf60d81ed8214e80851e5b26312
- https://git.kernel.org/stable/c/d154b333a5667b6c1b213a11a41ad7aaccd10c3d
- https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e
- https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c
- https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718
- https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.