CVE-2024-50279
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Nov 19, 2024
Updated: Nov 27, 2024
CWE ID 125
Summary
CVE-2024-50279 is a vulnerability affecting the Linux kernel's dm-cache subsystem. The issue arises when the fast device is resized: the index used while iterating over the dirty bitset is incorrect, which causes an out-of-bounds access to the bitset and unintended memory access. To reproduce the issue, a user can create a cache device with a specific table and size, shrink the fast device, and observe the out-of-bounds access reported by KASAN. The vulnerability is resolved by ensuring that the index is post-incremented during bitset iteration.
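The indexing error described in the summary, as an added userspace model that is not the kernel's dm-cache code: it scans the blocks a shrink would remove, once with the index advanced before the bit test and once after. The struct, function names, sizes and the sample bitset are assumptions made for illustration, and the overrun is recorded by a bounds check rather than performed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): constructed names, not kernel identifiers. */
struct scan_result {
    size_t max_index;     /* highest bit index the scan asked for */
    bool   found_dirty;   /* a dirty block was seen in the removed range */
    bool   out_of_bounds; /* the scan asked for an index >= nbits */
};

/* Bounds-checked bit test: records an overrun instead of performing it. */
static bool test_bit(const bool *bits, size_t n, size_t i, struct scan_result *r)
{
    if (i > r->max_index)
        r->max_index = i;
    if (i >= n) {
        r->out_of_bounds = true;
        return false;
    }
    return bits[i];
}

/* Scan blocks [new_size, old_size) that a shrink would drop.
 * pre_increment=true advances the index before testing (the flawed order);
 * false tests first and then advances (the corrected order). */
static struct scan_result scan_removed_range(const bool *dirty, size_t old_size,
                                             size_t new_size, bool pre_increment)
{
    struct scan_result r = {0, false, false};
    size_t i = new_size;
    while (i < old_size) {
        if (pre_increment)
            i++;
        if (test_bit(dirty, old_size, i, &r))
            r.found_dirty = true;
        if (!pre_increment)
            i++;
    }
    return r;
}

int main(void)
{
    bool dirty[8] = { [4] = true };  /* constructed: only block 4 is dirty */
    struct scan_result a = scan_removed_range(dirty, 8, 4, true);
    struct scan_result b = scan_removed_range(dirty, 8, 4, false);
    printf("pre:  max=%zu oob=%d dirty=%d\npost: max=%zu oob=%d dirty=%d\n",
           a.max_index, a.out_of_bounds, a.found_dirty,
           b.max_index, b.out_of_bounds, b.found_dirty);
    return 0;
}
```

In this model the pre-increment order asks for index 8 of an 8-bit set and never tests index 4, so it both overruns the bitset and misses the only dirty block; the post-increment order stays within indices 4 to 7.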
Affected Products
- Linux Kernel
Affected Vendors
- LINUX