fsdax: dax_unshare_iter needs to copy entire blocks
CVE-2024-50250

7.1HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 November 2024

What is CVE-2024-50250?

A vulnerability in the Linux kernel arises from improperly aligned memory operations during file sharing processes in the fsdax file system. The dax_unshare_iter function fails to ensure that data copy operations align with file system block boundaries, leading to potential data corruption and exposure of stale persistent memory contents. This misalignment results in incorrect byte copying, which directly impacts data integrity during file access. Additionally, the lack of an appropriate mechanism to invalidate the inode pages permits outdated memory mappings to persist post-metadata updates, heightening the risk of unauthorized data access. Addressing these issues requires realigning copy operations to ensure full blocks are processed correctly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1bec6782a25c9b92c203ea7a1b3e3dc6a468cbc4

Linux d984648e428bf88cbd94ebe346c73632cb92fffb < 9bc18bb476e50e32e5d08f2734d63d63e0fa528c

Linux d984648e428bf88cbd94ebe346c73632cb92fffb < 8e9c0f500b42216ef930f5c0d1703989a451913d

References

https://git.kernel.org/stable/c/bdbc96c23197d773a7d1bf03e...
https://git.kernel.org/stable/c/9bc18bb476e50e32e5d08f273...
https://git.kernel.org/stable/c/8e9c0f500b42216ef930f5c0d...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.