CVE-2024-50280

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50280
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50280.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50280
Published
2024-11-19T01:30:21.999Z
Modified
2025-11-28T02:33:57.121297Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
dm cache: fix flushing uninitialized delayed_work on cache_ctr error
Details

In the Linux kernel, the following vulnerability has been resolved:

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error.

Reproduce steps:

dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"
dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"
dmsetup create corig --table "0 524288 linear /dev/sdc 262144"
dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct
dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \
/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"

Kernel logs:

(snip)
WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890

Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50280.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2b17026685a270b2beaf1cdd9857fcedd3505c7e
Fixed
40fac0271c7aedf60d81ed8214e80851e5b26312
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d2a0b298ebf83ab6236f66788a3541e91ce75a70
Fixed
d154b333a5667b6c1b213a11a41ad7aaccd10c3d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6a3e412c2ab131c54945327a7676b006f000a209
Fixed
5a754d3c771280f2d06bf8ab716d6a0d36ca256e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa
Fixed
8cc12dab635333c4ea28e72d7b947be7d0543c2c
Fixed
aee3ecda73ce13af7c3e556383342b57e6bd0718
Fixed
135496c208ba26fd68cdef10b64ed7a91ac9a7ff
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
034cbc8d3b47a56acd89453c29632a9c117de09d
Last affected
993406104d2b28fe470126a062ad37a1e21e792e
Last affected
4d20032dd90664de09f2902a7ea49ae2f7771746
Last affected
2f097dfac7579fd84ff98eb1d3acd41d53a485f3
Last affected
6ac4f36910764cb510bafc4c3768544f86ca48ca

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.10.237
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.181
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.117
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.61
Fixed
6.11.8