CVE-2024-50280

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Dec 11, 2024
CWE ID 416

Summary

CVE-2024-50280 is a vulnerability affecting the Linux kernel that involves an issue with the dm cache. When cache creation fails, an unexpected WARN_ON message may appear from the flush_work() function due to the destruction of an uninitialized delayed_work waker. This can lead to a warning in kernel logs. The issue has been resolved by removing the cancel_delayed_work_sync() call from the constructor's error path. This patch does not impact the use-after-free fix for concurrent dm_resume and dm_destroy. Reproduction steps involve creating and managing several dm devices using the dmsetup utility, followed by writing data to one of the devices.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share