CVE-2024-50277 in Linuxinfo

Summary

by MITRE • 11/19/2024

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a crash if blk_alloc_disk fails

If blk_alloc_disk fails, the variable md->disk is set to an error value. cleanup_mapped_device will see that md->disk is non-NULL and it will attempt to access it, causing a crash on this statement "md->disk->private_data = NULL;".

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 10/22/2025

This vulnerability exists within the Linux kernel's device mapper subsystem where a critical race condition and improper error handling can lead to system crashes. The issue manifests when the blk_alloc_disk function fails during device mapping operations, creating a scenario where the md->disk variable is assigned an error value rather than a valid disk structure pointer. This fundamental flaw in error propagation creates a dangerous state where subsequent cleanup operations attempt to dereference what appears to be a valid pointer but is actually an error indicator. The device mapper's cleanup_mapped_device function performs a check that only verifies if md->disk is non-NULL without properly validating whether it contains a legitimate disk structure, leading to a kernel panic when attempting to access the private_data member of an invalid disk reference.

The technical execution of this vulnerability follows a clear path where the kernel's device mapping logic fails to properly handle allocation failures in the block layer. When blk_alloc_disk encounters conditions that prevent disk allocation such as memory exhaustion or resource constraints, it returns an error value that gets stored in md->disk. The cleanup function subsequently evaluates this error value as a valid pointer due to the absence of proper error validation, triggering a null pointer dereference when attempting to set md->disk->private_data = NULL. This pattern represents a classic improper error handling vulnerability that violates fundamental kernel safety principles and can be classified under CWE-476 as NULL pointer dereference. The vulnerability directly impacts the device mapper's ability to gracefully handle resource allocation failures, which can occur during system stress conditions or when running multiple device mapping operations simultaneously.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise system stability and availability in production environments. When triggered, the kernel panic resulting from this flaw can cause complete system halts, particularly affecting systems relying heavily on device mapping for storage virtualization, logical volume management, or snapshot operations. The crash occurs during cleanup phases of device mapping operations, making it particularly dangerous as it can affect systems during normal operation or when handling error conditions. This vulnerability affects the broader Linux storage stack and can be exploited in scenarios involving multiple concurrent device mapping operations or when systems are under memory pressure, potentially leading to denial of service conditions that could be leveraged by malicious actors to disrupt system availability. The ATT&CK framework categorizes this under privilege escalation and denial of service tactics, as it can be used to cause system instability and potentially gain unauthorized access to system resources through forced system restarts.

Mitigation strategies for this vulnerability should focus on implementing proper error validation and handling within the device mapper subsystem. Kernel updates addressing this specific issue should be prioritized, as they contain the necessary fixes to ensure that error values from blk_alloc_disk are properly recognized and handled without attempting invalid memory accesses. Administrators should monitor systems for resource exhaustion conditions that could trigger allocation failures, particularly in environments running extensive storage virtualization workloads. Additionally, implementing proper memory management practices and ensuring adequate system resources can reduce the likelihood of hitting this race condition. The fix should include validation checks that ensure md->disk contains a valid disk structure before attempting to access its members, preventing the invalid pointer dereference that causes the system crash. Organizations should also consider implementing monitoring solutions that can detect unusual patterns in device mapping operations that might indicate resource exhaustion leading to this vulnerability condition.

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/19/2024

Moderation

accepted

CPE

ready

EPSS

0.00187

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!