https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

https://git.kernel.org/stable/c/40fac0271c7aedf60d81ed8214e80851e5b26312

https://git.kernel.org/stable/c/d154b333a5667b6c1b213a11a41ad7aaccd10c3d

OR
          *cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.337 up to (excluding) 4.10
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.303 up to (excluding) 4.15
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.270 up to (excluding) 4.20
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.229 up to (excluding) 5.5
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.163 up to (excluding) 5.11
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.87 up to (excluding) 5.16
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.0.18 up to (excluding) 6.1
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.4 up to (excluding) 6.1.117
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.61
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.8

kernel.org: https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff Types: Patch

kernel.org: https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e Types: Patch

kernel.org: https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c Types: Patch

kernel.org: https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718 Types: Patch

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416

In the Linux kernel, the following vulnerability has been resolved:

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

An unexpected WARN_ON from flush_work() may occur when cache creation
fails, caused by destroying the uninitialized delayed_work waker in the
error path of cache_create(). For example, the warning appears on the
superblock checksum error.

Reproduce steps:

dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"
dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"
dmsetup create corig --table "0 524288 linear /dev/sdc 262144"
dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct
dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \
/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"

Kernel logs:

(snip)
WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890

Fix by pulling out the cancel_delayed_work_sync() from the constructor's
error path. This patch doesn't affect the use-after-free fix for
concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix
UAF in destroy()")) as cache_dtr is not changed.

kernel.org https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff [No types assigned]

kernel.org https://git.kernel.org/stable/c/5a754d3c771280f2d06bf8ab716d6a0d36ca256e [No types assigned]

kernel.org https://git.kernel.org/stable/c/8cc12dab635333c4ea28e72d7b947be7d0543c2c [No types assigned]

kernel.org https://git.kernel.org/stable/c/aee3ecda73ce13af7c3e556383342b57e6bd0718 [No types assigned]