CVE-2024-50278
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-50278 is a vulnerability affecting the Linux kernel's dm cache. This issue arises due to an out-of-bounds access event that occurs when the fast device is expanded unexpectedly before the first resume of the cache table. The reloading of the cache table during cache_create fails to perform the necessary checks, resulting in inadequate in-core data structures and, ultimately, out-of-bounds access. Reproducible steps involve creating and loading a cache table, expanding the fast device, and suspending the cache to write out the in-core data. The vulnerability manifests as KASAN reporting a vmalloc-out-of-bounds error, with the buggy address belonging to a virtual mapping created by cache_ctr. The fix for this issue involves implementing size checks during the first resume of the cache table.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX