CVE-2024-27023

md: Fix missing release of 'active_io' for flush

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

md: Fix missing release of 'active_io' for flush

submit_flushes
atomic_set(&mddev->flush_pending, 1);
rdev_for_each_rcu(rdev, mddev)
atomic_inc(&mddev->flush_pending);
bi->bi_end_io = md_end_flush
submit_bio(bi);
/* flush io is done first */
md_end_flush
if (atomic_dec_and_test(&mddev->flush_pending))
percpu_ref_put(&mddev->active_io)
-> active_io is not released

if (atomic_dec_and_test(&mddev->flush_pending))
-> missing release of active_io

For consequence, mddev_suspend() will wait for 'active_io' to be zero
forever.

Fix this problem by releasing 'active_io' in submit_flushes() if
'flush_pending' is decreased to zero.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: Se corrigió la versión faltante de 'active_io' para descarga submit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); /* purgar io se realiza primero */ md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io no se publica si (atomic_dec_and_test(&mddev->flush_pending)) -> falta la versión de active_io para Como consecuencia, mddev_suspend() esperará a que 'active_io' sea cero para siempre. Solucione este problema liberando 'active_io' en submit_flushes() si 'flush_pending' se reduce a cero.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-05-02 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/f9f2d957a8ea93c73182aebf7de30935a58c027d	Vuln. Introduced
https://git.kernel.org/stable/c/530cec617f5a8ba6f26bcbf0d64d75c951d17730	Vuln. Introduced
https://git.kernel.org/stable/c/c4c2345214b66e2505a26fd2ea58839dd7a1d48d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6b2ff10390b19a2364af622b6666b690443f9f3f	2024-03-01
https://git.kernel.org/stable/c/02dad157ba11064d073f5499dc33552b227d5d3a	2024-03-01
https://git.kernel.org/stable/c/11f81438927f84edfaaeb5d5f10856c3a1c1fc82	2024-03-01
https://git.kernel.org/stable/c/855678ed8534518e2b428bcbcec695de9ba248e8	2024-02-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.75 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.75 < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.14 < 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.14 < 6.6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7.2 < 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7.2 < 6.7.7"		en		Affected