Out-of-bounds Access to Dirty Bitset in Linux Kernel's dm-cache
CVE-2024-50279

7.1 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
19 November 2024

What is CVE-2024-50279?

The Linux kernel's dm-cache module has a vulnerability where an incorrect index during bitset iteration can lead to out-of-bounds access when resizing the dirty bitset. Specifically, when the caching device shrinks, it fails to properly validate the boundary of the dirty bits to be dropped, potentially resulting in unintended memory access. This can be exploited during operations that manipulate the cache device's size, which may lead to read/write errors and could impact system stability. It is crucial for users of affected kernel versions to implement the fixes provided in subsequent patches to mitigate any risks associated with this vulnerability.

Affected Version(s)

Linux f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498 < 4fa4feb873cea0e9d6ff883b37cca6f33169d8b4

Linux f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498 < 8501e38dc9e0060814c4085815fc83da3e6d43bf

Linux f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published