PT-2024-34083 · Linux+5 · Linux Kernel+5
Published 2024-10-07 · Updated 2025-10-03
CVE-2024-50250
CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
The issue is related to the fsdax feature in the Linux kernel, where the dax_unshare_iter function needs to copy entire blocks. The code that copies data from srcmap to iomap in dax_unshare_iter is broken, which can lead to data corruption and confidentiality breaches. Specifically, if the pos and len passed to dax_file_unshare are not aligned to an fsblock boundary, the iter pos and length in the iter function will reflect this misalignment, causing data corruption. Additionally, if iter->pos + iomap_length() in the iter function is not aligned to a page, then only a partial block will be copied, exposing stale pmem contents. The issue is fixed by aligning copy_pos/copy_len to a page boundary.
Recommendations:
To resolve the issue, update to Linux kernel version 6.6.61 or later. As a temporary workaround, consider restricting access to the dax_unshare_iter function until a patch is available. Additionally, be cautious when using the dax_file_unshare function, ensuring that the pos and len arguments are properly aligned to an fsblock boundary.
Exploit
Fix
Unchecked Return Value
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
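The partial-block copy from the Description, as an added user-space model (not kernel code and not part of the original advisory): it copies a byte range into freshly allocated blocks either as given or widened to page boundaries, then counts the stale bytes left behind. The function name unshare_model, the buffer sizes, the fill bytes and the assumption that one fsblock equals one 4096-byte page are all hypothetical choices made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096u   /* model assumption: 1 fsblock == 1 page */
#define NPAGES  4u
#define STALE   0xAA    /* constructed "old pmem contents" byte */
#define DATA    0x11    /* constructed shared-file data byte */

static uint64_t align_down(uint64_t x) { return x & ~(uint64_t)(PAGE_SZ - 1); }
static uint64_t align_up(uint64_t x)   { return align_down(x + PAGE_SZ - 1); }

/*
 * Hypothetical model of unsharing [pos, pos+len): dst stands for the newly
 * allocated blocks (still holding stale bytes), src for the shared blocks.
 * page_align == 0 copies only the requested bytes; page_align != 0 widens
 * the copy to whole pages, as the fix does. Returns the number of stale
 * bytes left in the blocks the range touches, or -1 if out of range.
 */
long unshare_model(uint64_t pos, uint64_t len, int page_align)
{
    static uint8_t src[NPAGES * PAGE_SZ], dst[NPAGES * PAGE_SZ];
    uint64_t first = align_down(pos), last = align_up(pos + len);
    uint64_t copy_pos = pos, copy_len = len;
    long stale = 0;

    if (len == 0 || pos >= sizeof dst || len > sizeof dst - pos)
        return -1;
    memset(src, DATA, sizeof src);
    memset(dst, STALE, sizeof dst);

    if (page_align) {               /* widen the copy to full blocks */
        copy_pos = first;
        copy_len = last - first;
    }
    memcpy(dst + copy_pos, src + copy_pos, copy_len);

    for (uint64_t i = first; i < last; i++)
        stale += (dst[i] == STALE);
    return stale;
}

int main(void)
{
    printf("unaligned copy:    %ld stale bytes\n", unshare_model(4000, 200, 0));
    printf("page-aligned copy: %ld stale bytes\n", unshare_model(4000, 200, 1));
    return 0;
}
```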