CVE-2024-50280

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

An unexpected WARN_ON from flush_work() may occur when cache creation
fails, caused by destroying the uninitialized delayed_work waker in the
error path of cache_create(). For example, the warning appears on the
superblock checksum error.

Reproduce steps:

dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"
dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"
dmsetup create corig --table "0 524288 linear /dev/sdc 262144"
dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct
dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"

Kernel logs:

(snip)
WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890

Fix by pulling out the cancel_delayed_work_sync() from the constructor's
error path. This patch doesn't affect the use-after-free fix for
concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix
UAF in destroy()")) as cache_dtr is not changed.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-19 CVE Published
2024-11-19 CVE Updated
2024-11-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/6a3e412c2ab131c54945327a7676b006f000a209	Vuln. Introduced
https://git.kernel.org/stable/c/6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa	Vuln. Introduced
https://git.kernel.org/stable/c/034cbc8d3b47a56acd89453c29632a9c117de09d	Vuln. Introduced
https://git.kernel.org/stable/c/993406104d2b28fe470126a062ad37a1e21e792e	Vuln. Introduced
https://git.kernel.org/stable/c/4d20032dd90664de09f2902a7ea49ae2f7771746	Vuln. Introduced
https://git.kernel.org/stable/c/2f097dfac7579fd84ff98eb1d3acd41d53a485f3	Vuln. Introduced
https://git.kernel.org/stable/c/2b17026685a270b2beaf1cdd9857fcedd3505c7e	Vuln. Introduced
https://git.kernel.org/stable/c/d2a0b298ebf83ab6236f66788a3541e91ce75a70	Vuln. Introduced
https://git.kernel.org/stable/c/6ac4f36910764cb510bafc4c3768544f86ca48ca	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e	2024-11-14
https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c	2024-11-14
https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718	2024-11-14
https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff	2024-11-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.4 < 6.1.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.4 < 6.1.117"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.6.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.61"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.11.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.337 Search vendor "Linux" for product "Linux Kernel" and version "4.9.337"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.303 Search vendor "Linux" for product "Linux Kernel" and version "4.14.303"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.270 Search vendor "Linux" for product "Linux Kernel" and version "4.19.270"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.229 Search vendor "Linux" for product "Linux Kernel" and version "5.4.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.163 Search vendor "Linux" for product "Linux Kernel" and version "5.10.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.87 Search vendor "Linux" for product "Linux Kernel" and version "5.15.87"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.0.18 Search vendor "Linux" for product "Linux Kernel" and version "6.0.18"		en		Affected