CVE-2024-26758

CVE Details

Release Date:

2024-04-03

Description

In the Linux kernel, the following vulnerability has been resolved:\nmd: Don't ignore suspended array in md_check_recovery()\nmddev_suspend() never stop sync_thread, hence it doesn't make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can't be unregistered.\nAfter commit f52f5c71f3d4 ('md: fix stopping sync thread'), following\nhang can be triggered by test shell/integrity-caching.sh:\n1) suspend the array:\nraid_postsuspend\nmddev_suspend\n2) stop the array:\nraid_dtr\nmd_stop\n__md_stop_writes\nstop_sync_thread\nset_bit(MD_RECOVERY_INTR, &mddev->recovery);\nmd_wakeup_thread_directly(mddev->sync_thread);\nwait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n3) sync thread done:\nmd_do_sync\nset_bit(MD_RECOVERY_DONE, &mddev->recovery);\nmd_wakeup_thread(mddev->thread);\n4) daemon thread can't unregister sync thread:\nmd_check_recovery\nif (mddev->suspended)\nreturn; -> return directly\nmd_read_sync_thread\nclear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);\n-> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.

See more information about CVE-2024-26758 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14