CVE-2024-50277
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's device mapper (dm) subsystem causes a kernel crash when blk_alloc_disk fails during device creation. This affects systems using device mapper functionality like LVM, software RAID, or dm-crypt. The vulnerability leads to denial of service but does not allow privilege escalation or data corruption.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system crash/kernel panic requiring reboot, causing service disruption and potential data loss if unsaved.
Likely Case
Local denial of service when creating device mapper devices under specific error conditions.
If Mitigated
Minimal impact with proper monitoring and automated recovery systems in place.
🎯 Exploit Status
Exploitation requires local access and ability to create device mapper devices, typically requiring root or CAP_SYS_ADMIN.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via git commits d7aec2a06730b774a97caaf48cbbc58330a85829 and fed13a5478680614ba97fc87e71f16e2e197912e
Vendor Advisory: https://git.kernel.org/stable/c/d7aec2a06730b774a97caaf48cbbc58330a85829
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Restrict device mapper operations
linuxLimit which users can create device mapper devices using capabilities or SELinux/AppArmor policies.
setcap -r /usr/sbin/dmsetup
chmod 750 /usr/sbin/dmsetup
🧯 If You Can't Patch
- Monitor system logs for kernel panic or oops messages related to device mapper
- Implement automated recovery procedures for system crashes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's patched versions. Vulnerable if using unpatched kernel with device mapper support.Check Version:
uname -rVerify Fix Applied:
Verify kernel version matches patched version from vendor and test device mapper operations.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Oops messages mentioning device mapper or blk_alloc_disk
- System crash/reboot logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "Oops") AND ("device-mapper" OR "dm-" OR "blk_alloc_disk")