CVE-2024-50279
HighIn the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access. Reproduce steps: 1. create a cache device of 1024 cache blocks (128 bytes dirty bitset) dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 131072 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. shrink the fast device to 512 cache blocks, triggering out-of-bounds access to the dirty bitset (offset 0x80) dmsetup suspend cache dmsetup reload cdata --table "0 65536 linear /dev/sdc 8192" dmsetup resume cdata dmsetup resume cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0 Read of size 8 at addr ffffc900000f3080 by task dmsetup/131 (...snip...) The buggy address belongs to the virtual mapping at [ffffc900000f3000, ffffc900000f5000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by making the index post-incremented.
CVSS 3.1 score
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Weakness type
CWE-125CVE-2024-50279 is a Out-of-bounds Read vulnerability
What is Out-of-bounds Read?
The product reads data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE
Affected versions
Linux kernel versions
3.13
and later are affected. Fixed in
4.19.324,
5.4.286,
5.10.230,
5.15.172,
6.1.117,
6.6.61,
6.11.8,
6.12
and their respective stable series.
References
The following references provide additional information about CVE-2024-50279 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
-
-
PatchKernel patch commithttps://git.kernel.org/stable/c/3b02c40ff10fdf83cc545850db208de855ebe22c
-
PatchKernel patch commithttps://git.kernel.org/stable/c/4fa4feb873cea0e9d6ff883b37cca6f33169d8b4
-
PatchKernel patch commithttps://git.kernel.org/stable/c/56507203e1b6127967ec2b51fb0b23a0d4af1334
Frequently asked questions
-
What is CVE-2024-50279?
CVE-2024-50279 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 , classified as an Out-of-bounds Read flaw (CWE-125) . It affects Linux kernel versions from 3.13 onward and has been patched in 4.19.324, 5.4.286, 5.10.230 and others. CVE-2024-50279 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2024-50279?
CVE-2024-50279 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. -
Is there a patch available for CVE-2024-50279?
Yes — CVE-2024-50279 has been patched. Fixed versions include 4.19.324, 5.4.286, 5.10.230 and others. If you are running Linux kernel 3.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2024-50279 actively exploited?
No — CVE-2024-50279 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
-
What is Out-of-bounds Read (CWE-125)?
The product reads data past the end or before the beginning of the intended buffer. View CWE-125 on MITRE CWE →