CVE-2024-26880

CVE Details

Release Date:

2024-04-17

Description

In the Linux kernel, the following vulnerability has been resolved:\ndm: call the resume method on internal suspend\nThere is this reported crash when experimenting with the lvm2 testsuite.\nThe list corruption is caused by the fact that the postsuspend and resume\nmethods were not paired correctly; there were two consecutive calls to the\norigin_postsuspend function. The second call attempts to remove the\n'hash_list' entry from a list, while it was already removed by the first\ncall.\nFix __dm_internal_resume so that it calls the preresume and resume\nmethods of the table's targets.\nIf a preresume method of some target fails, we are in a tricky situation.\nWe can't return an error because dm_internal_resume isn't supposed to\nreturn errors. We can't return success, because then the 'resume' and\n'postsuspend' methods would not be paired correctly. So, we set the\nDMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace\ntools, but it won't cause a kernel crash.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:56!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nRIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0\n\nRSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282\nRAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff\nRBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058\nR10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001\nR13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0\nFS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 002b ES: 002b CR0: 0000000080050033\nCR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0\nCall Trace:\n\n? die+0x2d/0x80\n? do_trap+0xeb/0xf0\n? __list_del_entry_valid_or_report+0x77/0xc0\n? do_error_trap+0x60/0x80\n? __list_del_entry_valid_or_report+0x77/0xc0\n? exc_invalid_op+0x49/0x60\n? __list_del_entry_valid_or_report+0x77/0xc0\n? asm_exc_invalid_op+0x16/0x20\n? table_deps+0x1b0/0x1b0 [dm_mod]\n? __list_del_entry_valid_or_report+0x77/0xc0\norigin_postsuspend+0x1a/0x50 [dm_snapshot]\ndm_table_postsuspend_targets+0x34/0x50 [dm_mod]\ndm_suspend+0xd8/0xf0 [dm_mod]\ndev_suspend+0x1f2/0x2f0 [dm_mod]\n? table_deps+0x1b0/0x1b0 [dm_mod]\nctl_ioctl+0x300/0x5f0 [dm_mod]\ndm_compat_ctl_ioctl+0x7/0x10 [dm_mod]\n__x64_compat_sys_ioctl+0x104/0x170\ndo_syscall_64+0x184/0x1b0\nentry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0xf7e6aead\n\n---[ end trace 0000000000000000 ]---

See more information about CVE-2024-26880 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 6 (kernel-uek)	ELSA-2024-12606	2024-09-02
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12606	2024-09-02
Oracle Linux version 9 (kernel)	ELSA-2024-4928	2024-07-31
Oracle VM version 3 (kernel-uek)	OVMSA-2024-0011	2024-09-03