// For flags

CVE-2024-38598

md: fix resync softlockup when bitmap size is less than array size

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

md: fix resync softlockup when bitmap size is less than array size

Is is reported that for dm-raid10, lvextend + lvchange --syncaction will
trigger following softlockup:

kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]
CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1
RIP: 0010:_raw_spin_unlock_irq+0x13/0x30
Call Trace:
<TASK>
md_bitmap_start_sync+0x6b/0xf0
raid10_sync_request+0x25c/0x1b40 [raid10]
md_do_sync+0x64b/0x1020
md_thread+0xa7/0x170
kthread+0xcf/0x100
ret_from_fork+0x30/0x50
ret_from_fork_asm+0x1a/0x30

And the detailed process is as follows:

md_do_sync
j = mddev->resync_min
while (j < max_sectors)
sectors = raid10_sync_request(mddev, j, &skipped)
if (!md_bitmap_start_sync(..., &sync_blocks))
// md_bitmap_start_sync set sync_blocks to 0
return sync_blocks + sectors_skippe;
// sectors = 0;
j += sectors;
// j never change

Root cause is that commit 301867b1c168 ("md/raid10: check
slab-out-of-bounds in md_bitmap_get_counter") return early from
md_bitmap_get_counter(), without setting returned blocks.

Fix this problem by always set returned blocks from
md_bitmap_get_counter"(), as it used to be.

Noted that this patch just fix the softlockup problem in kernel, the
case that bitmap size doesn't match array size still need to be fixed.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: corrige el bloqueo suave de resincronización cuando el tamaño del mapa de bits es menor que el tamaño de la matriz. Se informa que para dm-raid10, lvextend + lvchange --syncaction activará el siguiente bloqueo suave: kernel:watchdog: ERROR : bloqueo suave - ¡CPU n.° 3 bloqueada durante 26 segundos! [mdX_resync:6976] CPU: 7 PID: 3588 Comm: mdX_resync Kdump: cargado No contaminado 6.9.0-rc4-next-20240419 #1 RIP: 0010:_raw_spin_unlock_irq+0x13/0x30 Seguimiento de llamadas: md_bitmap_start_sync+0x6b/0xf0 raid10_sync_request+0x25c/0x1b40 [raid10] md_do_sync+0x64b/0x1020 md_thread+0xa7/0x170 kthread+0xcf/0x100 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1a/0x30 Y el proceso detallado es el siguiente: _sync j = mddev-&gt;resync_min mientras ( j &lt; max_sectors) sectores = raid10_sync_request(mddev, j, &amp;skipped) if (!md_bitmap_start_sync(..., &amp;sync_blocks)) // md_bitmap_start_sync establece sync_blocks en 0 return sync_blocks + sectores_skippe; // sectores = 0; j += sectores; // j nunca cambia La causa principal es que el commit 301867b1c168 ("md/raid10: check slab-out-of-bounds in md_bitmap_get_counter") regresa antes de md_bitmap_get_counter(), sin configurar los bloques devueltos. Solucione este problema estableciendo siempre los bloques devueltos desde md_bitmap_get_counter"(), como solía ser. Tenga en cuenta que este parche solo soluciona el problema de bloqueo suave en el kernel, el caso de que el tamaño del mapa de bits no coincida con el tamaño de la matriz aún debe solucionarse.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-18 CVE Reserved
  • 2024-06-19 CVE Published
  • 2024-08-28 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-667: Improper Locking
CAPEC
References (19)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.19.291 < 4.19.316
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.291 < 4.19.316"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.4.251 < 5.4.278
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.251 < 5.4.278"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.10.188 < 5.10.219
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.188 < 5.10.219"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.15.121 < 5.15.161
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.121 < 5.15.161"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1.39 < 6.1.93
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.39 < 6.1.93"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.5 < 6.6.33
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.33"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.5 < 6.8.12
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.8.12"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.5 < 6.9.3
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.9.3"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.5 < 6.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.10"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
6.3.13
Search vendor "Linux" for product "Linux Kernel" and version "6.3.13"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
6.4.4
Search vendor "Linux" for product "Linux Kernel" and version "6.4.4"
en
Affected