CVE-2024-50280
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-50280 is a vulnerability affecting the Linux kernel that involves an issue with the dm cache. When cache creation fails, an unexpected WARN_ON message may appear from the flush_work() function due to the destruction of an uninitialized delayed_work waker. This can lead to a warning in kernel logs. The issue has been resolved by removing the cancel_delayed_work_sync() call from the constructor's error path. This patch does not impact the use-after-free fix for concurrent dm_resume and dm_destroy. Reproduction steps involve creating and managing several dm devices using the dmsetup utility, followed by writing data to one of the devices.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX