
CVE-2024-50250: Vulnerability in the Linux kernel (vendor: Linux, product: Linux)

Severity: High
Published: Sat Nov 09 2024 (11/09/2024, 10:14:59 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

fsdax: dax_unshare_iter needs to copy entire blocks

The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed.

If the pos and len passed to dax_file_unshare are not aligned to an fsblock boundary, the iter pos and length in the _iter function will reflect this unalignment.

dax_iomap_direct_access always returns a pointer to the start of the kmapped fsdax page, even if its pos argument is in the middle of that page. This is catastrophic for data integrity when iter->pos is not aligned to a page, because daddr/saddr do not point to the same byte in the file as iter->pos. Hence we corrupt user data by copying it to the wrong place.

If iter->pos + iomap_length() in the _iter function is not aligned to a page, then we fail to copy a full block, and only partially populate the destination block. This is catastrophic for data confidentiality because we expose stale pmem contents.

Fix both of these issues by aligning copy_pos/copy_len to a page boundary (remember, this is fsdax so 1 fsblock == 1 base page) so that we always copy full blocks.

We're not done yet -- there's no call to invalidate_inode_pages2_range, so programs that have the file range mmap'd will continue accessing the old memory mapping after the file metadata updates have completed.

Be careful with the return value -- if the unshare succeeds, we still need to return the number of bytes that the iomap iter thinks we're operating on.

AI-Powered Analysis

Last updated: 06/28/2025, 13:26:25 UTC

Technical Analysis

CVE-2024-50250 is a vulnerability in the Linux kernel's fsdax subsystem, specifically within the dax_unshare_iter function. The issue arises because the function does not correctly handle unaligned positions and lengths when copying data blocks from source memory mappings (srcmap) to iomaps. The dax_iomap_direct_access function always returns a pointer to the start of a kmapped fsdax page regardless of the position argument, which can be in the middle of the page. This misalignment causes the data address and source address to not correspond to the same byte in the file, leading to user data corruption by copying data to incorrect locations. Furthermore, if the sum of iter->pos and iomap_length() is not page-aligned, the function fails to copy a full block, resulting in partial population of the destination block. This partial copy exposes stale persistent memory (pmem) contents, which is a serious confidentiality risk. The vulnerability also involves the lack of invalidation of inode pages after file metadata updates, meaning that programs with the file range mmap'd may continue accessing outdated memory mappings, potentially leading to further data integrity or confidentiality issues. The fix involves aligning copy positions and lengths to page boundaries to ensure full blocks are copied and addressing the missing invalidation step. This vulnerability affects Linux kernel versions identified by specific commit hashes and was published on November 9, 2024. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability poses significant risks to data integrity and confidentiality, especially for systems using fsdax (filesystem direct access) with persistent memory. Organizations relying on Linux servers for critical data storage, databases, or applications that utilize persistent memory-backed filesystems may experience data corruption or leakage of stale sensitive data. This could lead to loss of trust, regulatory non-compliance (e.g., GDPR violations due to data exposure), and operational disruptions. The exposure of stale pmem contents could allow attackers or unauthorized users to access residual data that should have been overwritten, potentially leaking sensitive information. Additionally, corrupted data could cause application failures or data loss, impacting business continuity. Since the vulnerability affects kernel-level operations, exploitation could have widespread effects across multiple applications and services running on the affected Linux systems. The lack of known exploits currently reduces immediate risk but does not eliminate the potential for future attacks once the vulnerability becomes public knowledge.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-50250 as soon as it becomes available. Until patches are applied, organizations should audit their use of fsdax and persistent memory filesystems to identify vulnerable systems. Limiting access to systems with persistent memory features and restricting mmap usage to trusted applications can reduce exposure. Implementing strict access controls and monitoring for unusual file system or memory access patterns may help detect exploitation attempts. Additionally, organizations should ensure that their backup and recovery procedures are robust to mitigate potential data corruption impacts. For environments where immediate patching is not feasible, consider disabling or avoiding the use of fsdax features that rely on dax_unshare_iter functionality. Collaboration with Linux distribution vendors to obtain timely security updates and testing patches in staging environments before deployment is recommended to avoid operational disruptions.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.979Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdf630

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 1:26:25 PM

Last updated: 7/29/2025, 2:29:43 PM

