cve/2024/CVE-2024-50280.md

### [CVE-2024-50280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50280)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=034cbc8d3b47a56acd89453c29632a9c117de09d%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2b17026685a270b2beaf1cdd9857fcedd3505c7e%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2f097dfac7579fd84ff98eb1d3acd41d53a485f3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4d20032dd90664de09f2902a7ea49ae2f7771746%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6a3e412c2ab131c54945327a7676b006f000a209%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6ac4f36910764cb510bafc4c3768544f86ca48ca%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=993406104d2b28fe470126a062ad37a1e21e792e%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=d2a0b298ebf83ab6236f66788a3541e91ce75a70%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:dm cache: fix flushing uninitialized delayed_work on cache_ctr errorAn unexpected WARN_ON from flush_work() may occur when cache creationfails, caused by destroying the uninitialized delayed_work waker in theerror path of cache_create(). For example, the warning appears on thesuperblock checksum error.Reproduce steps:dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"dmsetup create corig --table "0 524288 linear /dev/sdc 262144"dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=directdmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"Kernel logs:(snip)WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890Fix by pulling out the cancel_delayed_work_sync() from the constructor'serror path. This patch doesn't affect the use-after-free fix forconcurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: FixUAF in destroy()")) as cache_dtr is not changed.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-50280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50280)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=034cbc8d3b47a56acd89453c29632a9c117de09d%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2b17026685a270b2beaf1cdd9857fcedd3505c7e%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2f097dfac7579fd84ff98eb1d3acd41d53a485f3%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=4d20032dd90664de09f2902a7ea49ae2f7771746%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=6.2%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=6a3e412c2ab131c54945327a7676b006f000a209%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=6ac4f36910764cb510bafc4c3768544f86ca48ca%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=993406104d2b28fe470126a062ad37a1e21e792e%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=d2a0b298ebf83ab6236f66788a3541e91ce75a70%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:dm cache: fix flushing uninitialized delayed_work on cache_ctr errorAn unexpected WARN_ON from flush_work() may occur when cache creationfails, caused by destroying the uninitialized delayed_work waker in theerror path of cache_create(). For example, the warning appears on thesuperblock checksum error.Reproduce steps:dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"dmsetup create corig --table "0 524288 linear /dev/sdc 262144"dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=directdmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"Kernel logs:(snip)WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890Fix by pulling out the cancel_delayed_work_sync() from the constructor'serror path. This patch doesn't affect the use-after-free fix forconcurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: FixUAF in destroy()")) as cache_dtr is not changed.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/w4zu/Debian_security`