CVE-2024-50280

Published Nov 19, 2024

Last updated a month ago

CVSS high 7.8

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C8C5100-ECF6-4F64-9489-EFC7923A7591",
            "versionEndExcluding": "4.10",
            "versionStartIncluding": "4.9.337"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68B456F6-323E-4372-A707-523AAA068DF8",
            "versionEndExcluding": "4.15",
            "versionStartIncluding": "4.14.303"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C08F8902-A527-4C5E-A1BC-1DA79FBF4CB1",
            "versionEndExcluding": "4.20",
            "versionStartIncluding": "4.19.270"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "591759E0-9179-476B-B922-DD6AA7773219",
            "versionEndExcluding": "5.5",
            "versionStartIncluding": "5.4.229"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53D87249-4A08-437D-909C-5C0B95855D4B",
            "versionEndExcluding": "5.11",
            "versionStartIncluding": "5.10.163"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEBD23AC-770E-4593-AF20-BBA5DB23F16F",
            "versionEndExcluding": "5.16",
            "versionStartIncluding": "5.15.87"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33CA909F-C234-4F7C-912A-856CD6266004",
            "versionEndExcluding": "6.1",
            "versionStartIncluding": "6.0.18"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05665564-1772-40F6-8BE4-A77BB03EE619",
            "versionEndExcluding": "6.1.117",
            "versionStartIncluding": "6.1.4"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3",
            "versionEndExcluding": "6.6.61",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95",
            "versionEndExcluding": "6.11.8",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References