CVE-2024-50279: Linux Kernel Buffer Overflow Vulnerability

CVE-2024-50279 Overview

CVE-2024-50279 is an out-of-bounds read vulnerability in the Linux kernel's dm-cache (device-mapper cache) subsystem. The vulnerability occurs during cache device resize operations when the system checks dirty bits of cache blocks to be dropped while shrinking the fast device. An index bug in the bitset iteration causes the kernel to access memory outside the allocated dirty bitset bounds.

Critical Impact
Local attackers with low privileges can trigger out-of-bounds memory reads in kernel space, potentially leading to sensitive information disclosure or system crashes.

Affected Products

Linux Kernel versions prior to patched releases
Linux Kernel 6.12 release candidates (rc1 through rc6)
Systems using dm-cache for storage caching

Discovery Timeline

November 19, 2024 - CVE-2024-50279 published to NVD
November 3, 2025 - Last updated in NVD database

Technical Details for CVE-2024-50279

Vulnerability Analysis

The vulnerability resides in the cache_preresume() function within the dm-cache subsystem. When a cache device is resized to a smaller size, the system must check the dirty bits of cache blocks that will be dropped. The dm-cache module maintains a dirty bitset to track which cache blocks contain modified data that hasn't been written back to the origin device.

During the resize operation, an index bug in the bitset iteration logic causes the code to read beyond the allocated memory region. Specifically, when shrinking from 1024 cache blocks (128 bytes dirty bitset) to 512 cache blocks, the iteration incorrectly accesses memory at offset 0x80 beyond the valid bitset boundary.

KASAN (Kernel Address Sanitizer) reports this as a vmalloc-out-of-bounds read at the cache_preresume+0x269/0x7b0 location, with the invalid access occurring within a virtual memory mapping created during cache_ctr() initialization.

Root Cause

The root cause is an incorrect index calculation in the bitset iteration loop. The index was being pre-incremented when it should have been post-incremented, causing the loop to access one position beyond the valid range when checking dirty bits for cache blocks scheduled for removal during a shrink operation.

Attack Vector

The vulnerability requires local access to the system with privileges sufficient to manipulate device-mapper configurations. An attacker can trigger the vulnerability through the following sequence:

Create a cache device with a specific number of cache blocks using dmsetup
Suspend the cache device
Reload the cache data device with a smaller size configuration
Resume the devices, triggering the out-of-bounds access during the pre-resume check

The KASAN output demonstrates memory access at address ffffc900000f3080, which falls outside the valid virtual mapping range [ffffc900000f3000, ffffc900000f5000) that was allocated for the dirty bitset. The memory state shows poisoned bytes (f8) being accessed, indicating an out-of-bounds read condition.

Detection Methods for CVE-2024-50279

Indicators of Compromise

KASAN kernel warnings containing "vmalloc-out-of-bounds in cache_preresume"
Kernel log messages referencing out-of-bounds access at addresses within dm-cache virtual mappings
System crashes or kernel panics during dm-cache resize operations

Detection Strategies

Enable KASAN in kernel builds to detect out-of-bounds memory access attempts
Monitor kernel logs for dm-cache related errors during device resize operations
Implement audit rules for dmsetup commands that modify cache device configurations
Deploy kernel security modules that track device-mapper configuration changes

Monitoring Recommendations

Configure alerting for kernel KASAN reports in system logging infrastructure
Monitor for unexpected dm-cache device configuration changes
Track dmsetup suspend, reload, and resume command sequences targeting cache devices

How to Mitigate CVE-2024-50279

Immediate Actions Required

Update to a patched Linux kernel version containing the fix
Limit access to device-mapper configuration commands to trusted administrators only
Monitor dm-cache operations during resize events until patches are applied
Consider temporarily avoiding dm-cache resize operations on production systems

Patch Information

The fix involves changing the index from pre-increment to post-increment in the bitset iteration logic. Multiple patches have been released across different kernel branches:

Debian users should refer to the Debian LTS Announcement January 2025 and Debian LTS Announcement March 2025 for distribution-specific updates.

Workarounds

Restrict dmsetup command access to root users and trusted administrators
Avoid performing cache shrink operations until the kernel is updated
If dm-cache resize is required, migrate data off the cache device first and recreate with the new size

bash

# Restrict dmsetup access (example)
chmod 750 /sbin/dmsetup
chown root:admin /sbin/dmsetup

# Monitor for dm-cache resize operations
auditctl -w /sbin/dmsetup -p x -k dmsetup_exec

CVE-2024-50279 Overview

Critical Impact
Local attackers with low privileges can trigger out-of-bounds memory reads in kernel space, potentially leading to sensitive information disclosure or system crashes.

Affected Products

Linux Kernel versions prior to patched releases
Linux Kernel 6.12 release candidates (rc1 through rc6)
Systems using dm-cache for storage caching

Discovery Timeline

November 19, 2024 - CVE-2024-50279 published to NVD
November 3, 2025 - Last updated in NVD database

Technical Details for CVE-2024-50279

Vulnerability Analysis

Root Cause

Attack Vector

The vulnerability requires local access to the system with privileges sufficient to manipulate device-mapper configurations. An attacker can trigger the vulnerability through the following sequence:

Create a cache device with a specific number of cache blocks using dmsetup
Suspend the cache device
Reload the cache data device with a smaller size configuration
Resume the devices, triggering the out-of-bounds access during the pre-resume check

Detection Methods for CVE-2024-50279

Indicators of Compromise

KASAN kernel warnings containing "vmalloc-out-of-bounds in cache_preresume"
Kernel log messages referencing out-of-bounds access at addresses within dm-cache virtual mappings
System crashes or kernel panics during dm-cache resize operations

Detection Strategies

Enable KASAN in kernel builds to detect out-of-bounds memory access attempts
Monitor kernel logs for dm-cache related errors during device resize operations
Implement audit rules for dmsetup commands that modify cache device configurations
Deploy kernel security modules that track device-mapper configuration changes

Monitoring Recommendations

Configure alerting for kernel KASAN reports in system logging infrastructure
Monitor for unexpected dm-cache device configuration changes
Track dmsetup suspend, reload, and resume command sequences targeting cache devices

How to Mitigate CVE-2024-50279

Immediate Actions Required

Update to a patched Linux kernel version containing the fix
Limit access to device-mapper configuration commands to trusted administrators only
Monitor dm-cache operations during resize events until patches are applied
Consider temporarily avoiding dm-cache resize operations on production systems

Patch Information

The fix involves changing the index from pre-increment to post-increment in the bitset iteration logic. Multiple patches have been released across different kernel branches:

Debian users should refer to the Debian LTS Announcement January 2025 and Debian LTS Announcement March 2025 for distribution-specific updates.

Workarounds

Restrict dmsetup command access to root users and trusted administrators
Avoid performing cache shrink operations until the kernel is updated
If dm-cache resize is required, migrate data off the cache device first and recreate with the new size

bash

# Restrict dmsetup access (example)
chmod 750 /sbin/dmsetup
chown root:admin /sbin/dmsetup

# Monitor for dm-cache resize operations
auditctl -w /sbin/dmsetup -p x -k dmsetup_exec

CVE-2024-50279: Linux Kernel Buffer Overflow Vulnerability

CVE-2024-50279 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2024-50279

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2024-50279

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2024-50279

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform

CVE-2024-50279: Linux Kernel Buffer Overflow Vulnerability

CVE-2024-50279 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2024-50279

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2024-50279

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2024-50279

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform