{"id":"CVE-2024-50280","summary":"dm cache: fix flushing uninitialized delayed_work on cache_ctr error","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix flushing uninitialized delayed_work on cache_ctr error\n\nAn unexpected WARN_ON from flush_work() may occur when cache creation\nfails, caused by destroying the uninitialized delayed_work waker in the\nerror path of cache_create(). For example, the warning appears on the\nsuperblock checksum error.\n\nReproduce steps:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\nKernel logs:\n\n(snip)\nWARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890\n\nFix by pulling out the cancel_delayed_work_sync() from the constructor's\nerror path. This patch doesn't affect the use-after-free fix for\nconcurrent dm_resume and dm_destroy (commit 6a459d8edbdb (\"dm cache: Fix\nUAF in destroy()\")) as cache_dtr is not changed.","modified":"2026-03-20T12:39:40.821347Z","published":"2024-11-19T01:30:21.999Z","related":["SUSE-SU-2025:0117-1","SUSE-SU-2025:0153-1","SUSE-SU-2025:0154-1","SUSE-SU-2025:0201-1","SUSE-SU-2025:0201-2","SUSE-SU-2025:0229-1","SUSE-SU-2025:0236-1","SUSE-SU-2025:0289-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7276-1","USN-7277-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50280.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff"},{"type":"WEB","url":"https://git.kernel.org/stable/c/40fac0271c7aedf60d81ed8214e80851e5b26312"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d154b333a5667b6c1b213a11a41ad7aaccd10c3d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50280.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50280"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2b17026685a270b2beaf1cdd9857fcedd3505c7e"},{"fixed":"40fac0271c7aedf60d81ed8214e80851e5b26312"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d2a0b298ebf83ab6236f66788a3541e91ce75a70"},{"fixed":"d154b333a5667b6c1b213a11a41ad7aaccd10c3d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6a3e412c2ab131c54945327a7676b006f000a209"},{"fixed":"5a754d3c771280f2d06bf8ab716d6a0d36ca256e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa"},{"fixed":"8cc12dab635333c4ea28e72d7b947be7d0543c2c"},{"fixed":"aee3ecda73ce13af7c3e556383342b57e6bd0718"},{"fixed":"135496c208ba26fd68cdef10b64ed7a91ac9a7ff"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"034cbc8d3b47a56acd89453c29632a9c117de09d"},{"last_affected":"993406104d2b28fe470126a062ad37a1e21e792e"},{"last_affected":"4d20032dd90664de09f2902a7ea49ae2f7771746"},{"last_affected":"2f097dfac7579fd84ff98eb1d3acd41d53a485f3"},{"last_affected":"6ac4f36910764cb510bafc4c3768544f86ca48ca"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50280.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}