Addressing Out-of-Bounds Access in the Linux Kernel's dm Cache
CVE-2024-50278

7.1HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 November 2024

What is CVE-2024-50278?

An issue has been identified within the Linux kernel where an out-of-bounds access may occur during the manipulation of device mapper cache functions. This vulnerability arises when the fast device unexpectedly expands before the cache table resumes for the first time. The core problem lies in the lack of size check during this initial resume, leading to potential memory corruption. During a scenario where in-core data structures are inadequately allocated following a cache expansion, an out-of-bounds read can occur, potentially exposing sensitive information or causing system instability. Users and administrators should remain vigilant and apply the necessary updates to mitigate any associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498

Linux f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498 < 2222b0929d00e2d13732b799b63be391b5de4492

Linux f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498 < 483b7261b35a9d369082ab298a6670912243f0be

References

https://git.kernel.org/stable/c/e492f71854ce03474d49e87fd...

https://git.kernel.org/stable/c/2222b0929d00e2d13732b799b...

https://git.kernel.org/stable/c/483b7261b35a9d369082ab298...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024

JSON

Linux