CVE-2024-26899

CVE Details

Release Date:

2024-04-17

Description

In the Linux kernel, the following vulnerability has been resolved:\nblock: fix deadlock between bd_link_disk_holder and partition scan\n'open_mutex' of gendisk is used to protect open/close block devices. But\nin bd_link_disk_holder(), it is used to protect the creation of symlink\nbetween holding disk and slave bdev, which introduces some issues.\nWhen bd_link_disk_holder() is called, the driver is usually in the process\nof initialization/modification and may suspend submitting io. At this\ntime, any io hold 'open_mutex', such as scanning partitions, can cause\ndeadlocks. For example, in raid:\nT1 T2\nbdev_open_by_dev\nlock open_mutex [1]\n...\nefi_partition\n...\nmd_submit_bio\nmd_ioctl mddev_syspend\n-> suspend all io\nmd_add_new_disk\nbind_rdev_to_array\nbd_link_disk_holder\ntry lock open_mutex [2]\nmd_handle_request\n-> wait mddev_resume\nT1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume\nmddev, but T2 waits for open_mutex held by T1. Deadlock occurs.\nFix it by introducing a local mutex 'blk_holder_mutex' to replace\n'open_mutex'.

See more information about CVE-2024-26899 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14