CVE-2024-50280

Published: Nov 19, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed.

Vendor	Product	Versions
Linux	Linux	affected `2b17026685a270b2beaf1cdd9857fcedd3505c7e - < 40fac0271c7aedf60d81ed8214e80851e5b26312` affected `d2a0b298ebf83ab6236f66788a3541e91ce75a70 - < d154b333a5667b6c1b213a11a41ad7aaccd10c3d` affected `6a3e412c2ab131c54945327a7676b006f000a209 - < 5a754d3c771280f2d06bf8ab716d6a0d36ca256e` affected `6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa - < 8cc12dab635333c4ea28e72d7b947be7d0543c2c` affected `6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa - < aee3ecda73ce13af7c3e556383342b57e6bd0718` +14 more versions
Linux	Linux	affected `6.2` unaffected `0 - < 6.2` unaffected `5.10.237 - <= 5.10.` unaffected `5.15.181 - <= 5.15.` unaffected `6.1.117 - <= 6.1.*` +3 more versions