CVE-2024-38598
md: fix resync softlockup when bitmap size is less than array size
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
md: fix resync softlockup when bitmap size is less than array size
Is is reported that for dm-raid10, lvextend + lvchange --syncaction will
trigger following softlockup:
kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]
CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1
RIP: 0010:_raw_spin_unlock_irq+0x13/0x30
Call Trace:
<TASK>
md_bitmap_start_sync+0x6b/0xf0
raid10_sync_request+0x25c/0x1b40 [raid10]
md_do_sync+0x64b/0x1020
md_thread+0xa7/0x170
kthread+0xcf/0x100
ret_from_fork+0x30/0x50
ret_from_fork_asm+0x1a/0x30
And the detailed process is as follows:
md_do_sync
j = mddev->resync_min
while (j < max_sectors)
sectors = raid10_sync_request(mddev, j, &skipped)
if (!md_bitmap_start_sync(..., &sync_blocks))
// md_bitmap_start_sync set sync_blocks to 0
return sync_blocks + sectors_skippe;
// sectors = 0;
j += sectors;
// j never change
Root cause is that commit 301867b1c168 ("md/raid10: check
slab-out-of-bounds in md_bitmap_get_counter") return early from
md_bitmap_get_counter(), without setting returned blocks.
Fix this problem by always set returned blocks from
md_bitmap_get_counter"(), as it used to be.
Noted that this patch just fix the softlockup problem in kernel, the
case that bitmap size doesn't match array size still need to be fixed.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: corrige el bloqueo suave de resincronización cuando el tamaño del mapa de bits es menor que el tamaño de la matriz. Se informa que para dm-raid10, lvextend + lvchange --syncaction activará el siguiente bloqueo suave: kernel:watchdog: ERROR : bloqueo suave - ¡CPU n.° 3 bloqueada durante 26 segundos! [mdX_resync:6976] CPU: 7 PID: 3588 Comm: mdX_resync Kdump: cargado No contaminado 6.9.0-rc4-next-20240419 #1 RIP: 0010:_raw_spin_unlock_irq+0x13/0x30 Seguimiento de llamadas: md_bitmap_start_sync+0x6b/0xf0 raid10_sync_request+0x25c/0x1b40 [raid10] md_do_sync+0x64b/0x1020 md_thread+0xa7/0x170 kthread+0xcf/0x100 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1a/0x30 Y el proceso detallado es el siguiente: _sync j = mddev->resync_min mientras ( j < max_sectors) sectores = raid10_sync_request(mddev, j, &skipped) if (!md_bitmap_start_sync(..., &sync_blocks)) // md_bitmap_start_sync establece sync_blocks en 0 return sync_blocks + sectores_skippe; // sectores = 0; j += sectores; // j nunca cambia La causa principal es que el commit 301867b1c168 ("md/raid10: check slab-out-of-bounds in md_bitmap_get_counter") regresa antes de md_bitmap_get_counter(), sin configurar los bloques devueltos. Solucione este problema estableciendo siempre los bloques devueltos desde md_bitmap_get_counter"(), como solía ser. Tenga en cuenta que este parche solo soluciona el problema de bloqueo suave en el kernel, el caso de que el tamaño del mapa de bits no coincida con el tamaño de la matriz aún debe solucionarse.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-08-28 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-667: Improper Locking
CAPEC
References (19)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/374fb914304d9b500721007f3837ea8f1f9a2418 | Vuln. Introduced | |
https://git.kernel.org/stable/c/b0b971fe7d61411ede63c3291764dbde1577ef2c | Vuln. Introduced | |
https://git.kernel.org/stable/c/39fa14e824acfd470db4f42c354297456bd82b53 | Vuln. Introduced | |
https://git.kernel.org/stable/c/a134dd582c0d5b6068efa308bd485cf1d00b3f65 | Vuln. Introduced | |
https://git.kernel.org/stable/c/be1a3ec63a840cc9e59a033acf154f56255699a1 | Vuln. Introduced | |
https://git.kernel.org/stable/c/301867b1c16805aebbc306aafa6ecdc68b73c7e5 | Vuln. Introduced | |
https://git.kernel.org/stable/c/152bb26796ff054af50b2ee1b3ca56e364e4f61b | Vuln. Introduced | |
https://git.kernel.org/stable/c/bea301c046110bf421a3ce153fb868cb8d618e90 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-38598 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2293367 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.19.291 < 4.19.316 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.291 < 4.19.316" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.251 < 5.4.278 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.251 < 5.4.278" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.188 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.188 < 5.10.219" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.121 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.121 < 5.15.161" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.39 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.39 < 6.1.93" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.33" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.8.12" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.9.3" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.10" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3.13 Search vendor "Linux" for product "Linux Kernel" and version "6.3.13" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.4.4 Search vendor "Linux" for product "Linux Kernel" and version "6.4.4" | en |
Affected
|