CVE-2024-50277: dm: fix a crash if blk_alloc_disk fails

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a crash if blk_alloc_disk fails

If blk_alloc_disk fails, the variable md->disk is set to an error value.
cleanup_mapped_device will see that md->disk is non-NULL and it will
attempt to access it, causing a crash on this statement
"md->disk->private_data = NULL;".
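The failure mode described above, as an added user-space model (not the kernel's code and not taken from the referenced commits). The names model_alloc_disk, model_cleanup and alloc_then_cleanup are hypothetical, the ERR_PTR/IS_ERR macros are stand-ins for the kernel helpers, and resetting the pointer to NULL on failure is one way to keep the cleanup's non-NULL test safe, assumed here for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

struct disk { void *private_data; };
struct mapped_device { struct disk *disk; };

enum outcome { CLEAN_SKIPPED, CLEAN_OK, CLEAN_BAD_DEREF };

/* Hypothetical allocator: reports failure as an error value, never NULL. */
static struct disk *model_alloc_disk(int fail)
{
    struct disk *d = fail ? NULL : calloc(1, sizeof(*d));
    return d ? d : ERR_PTR(-ENOMEM);
}

/* Cleanup that treats "non-NULL" as "valid". Instead of faulting, the
 * model reports when the store would go through an error value. */
static enum outcome model_cleanup(struct mapped_device *md)
{
    if (!md->disk)
        return CLEAN_SKIPPED;
    if (IS_ERR(md->disk))
        return CLEAN_BAD_DEREF;      /* the kernel would crash here */
    md->disk->private_data = NULL;   /* the statement named in the CVE */
    free(md->disk);
    md->disk = NULL;
    return CLEAN_OK;
}

/* reset_on_error = 0 models the bug, 1 models the assumed hardening. */
static enum outcome alloc_then_cleanup(int fail, int reset_on_error)
{
    struct mapped_device md = { 0 };
    md.disk = model_alloc_disk(fail);
    if (IS_ERR(md.disk) && reset_on_error)
        md.disk = NULL;              /* never leave an error value stored */
    return model_cleanup(&md);
}

int main(void)
{
    printf("bug: %d, hardened: %d\n",
           alloc_then_cleanup(1, 0), alloc_then_cleanup(1, 1));
    return 0;
}
```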

Classification

CVE ID: CVE-2024-50277

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.89% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-06-02 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50277
https://git.kernel.org/stable/c/d7aec2a06730b774a97caaf48cbbc58330a85829
https://git.kernel.org/stable/c/fed13a5478680614ba97fc87e71f16e2e197912e
