Stay Connected:

CVE-2024-38598

CVE Details

Release Date:2024-06-19

Description


In the Linux kernel, the following vulnerability has been resolved:\nmd: fix resync softlockup when bitmap size is less than array size\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n\nmd_bitmap_start_sync+0x6b/0xf0\nraid10_sync_request+0x25c/0x1b40 [raid10]\nmd_do_sync+0x64b/0x1020\nmd_thread+0xa7/0x170\nkthread+0xcf/0x100\nret_from_fork+0x30/0x50\nret_from_fork_asm+0x1a/0x30\nAnd the detailed process is as follows:\nmd_do_sync\nj = mddev->resync_min\nwhile (j < max_sectors)\nsectors = raid10_sync_request(mddev, j, &skipped)\nif (!md_bitmap_start_sync(..., &sync_blocks))\n// md_bitmap_start_sync set sync_blocks to 0\nreturn sync_blocks + sectors_skippe;\n// sectors = 0;\nj += sectors;\n// j never change\nRoot cause is that commit 301867b1c168 ('md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter') return early from\nmd_bitmap_get_counter(), without setting returned blocks.\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter'(), as it used to be.\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn't match array size still need to be fixed.

See more information about CVE-2024-38598 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-125852024-08-12
Oracle Linux version 8 (kernel)ELSA-2024-51012024-08-08
Oracle Linux version 8 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-125842024-08-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights