{"vulnerability": "CVE-2024-50280", "sightings": [{"uuid": "c1b13807-fe14-477c-ad29-4eb321e892a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50280", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507301983406124", "content": "", "creation_timestamp": "2024-11-19T02:39:38.575704Z"}, {"uuid": "f4adaabd-49fc-441d-87ce-ad03faa4e328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50280", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/11429", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50280 - Linux dm Cache Delayed Work Cancelling Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50280 \nPublished : Nov. 19, 2024, 2:16 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndm cache: fix flushing uninitialized delayed_work on cache_ctr error  \n  \nAn unexpected WARN_ON from flush_work() may occur when cache creation  \nfails, caused by destroying the uninitialized delayed_work waker in the  \nerror path of cache_create(). For example, the warning appears on the  \nsuperblock checksum error.  \n  \nReproduce steps:  \n  \ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"  \ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"  \ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"  \ndd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct  \ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\  \n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"  \n  \nKernel logs:  \n  \n(snip)  \nWARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890  \n  \nFix by pulling out the cancel_delayed_work_sync() from the constructor's  \nerror path. This patch doesn't affect the use-after-free fix for  \nconcurrent dm_resume and dm_destroy (commit 6a459d8edbdb (\"dm cache: Fix  \nUAF in destroy()\")) as cache_dtr is not changed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T04:16:11.000000Z"}, {"uuid": "4306ea8a-c8b8-4791-afd0-3f7baf4f627e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-50280", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}]}