cve-2024-26755
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-08 21:17
Summary
md: Don't suspend the array for interrupted reshape
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:11:19.922447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T21:17:47.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/60d6130d0ac1d883ed93c2a1e10aadb60967fd48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e46c70e829bddc24e04f963471e9983a11598b7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "60d6130d0ac1",
              "status": "affected",
              "version": "bc08041b32ab",
              "versionType": "git"
            },
            {
              "lessThan": "9e46c70e829b",
              "status": "affected",
              "version": "bc08041b32ab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t suspend the array for interrupted reshape\n\nmd_start_sync() will suspend the array if there are spares that can be\nadded or removed from conf, however, if reshape is still in progress,\nthis won\u0027t happen at all or data will be corrupted(remove_and_add_spares\nwon\u0027t be called from md_choose_sync_action for reshape), hence there is\nno need to suspend the array if reshape is not done yet.\n\nMeanwhile, there is a potential deadlock for raid456:\n\n1) reshape is interrupted;\n\n2) set one of the disk WantReplacement, and add a new disk to the array,\n   however, recovery won\u0027t start until the reshape is finished;\n\n3) then issue an IO across reshpae position, this IO will wait for\n   reshape to make progress;\n\n4) continue to reshape, then md_start_sync() found there is a spare disk\n   that can be added to conf, mddev_suspend() is called;\n\nStep 4 and step 3 is waiting for each other, deadlock triggered. Noted\nthis problem is found by code review, and it\u0027s not reporduced yet.\n\nFix this porblem by don\u0027t suspend the array for interrupted reshape,\nthis is safe because conf won\u0027t be changed until reshape is done."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:15:09.282Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/60d6130d0ac1d883ed93c2a1e10aadb60967fd48"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e46c70e829bddc24e04f963471e9983a11598b7"
        }
      ],
      "title": "md: Don\u0027t suspend the array for interrupted reshape",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26755",
    "datePublished": "2024-04-03T17:00:39.888Z",
    "dateReserved": "2024-02-19T14:20:24.170Z",
    "dateUpdated": "2024-11-08T21:17:47.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26755\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-03T17:15:52.103\",\"lastModified\":\"2024-11-08T22:35:06.080\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmd: Don\u0027t suspend the array for interrupted reshape\\n\\nmd_start_sync() will suspend the array if there are spares that can be\\nadded or removed from conf, however, if reshape is still in progress,\\nthis won\u0027t happen at all or data will be corrupted(remove_and_add_spares\\nwon\u0027t be called from md_choose_sync_action for reshape), hence there is\\nno need to suspend the array if reshape is not done yet.\\n\\nMeanwhile, there is a potential deadlock for raid456:\\n\\n1) reshape is interrupted;\\n\\n2) set one of the disk WantReplacement, and add a new disk to the array,\\n   however, recovery won\u0027t start until the reshape is finished;\\n\\n3) then issue an IO across reshpae position, this IO will wait for\\n   reshape to make progress;\\n\\n4) continue to reshape, then md_start_sync() found there is a spare disk\\n   that can be added to conf, mddev_suspend() is called;\\n\\nStep 4 and step 3 is waiting for each other, deadlock triggered. Noted\\nthis problem is found by code review, and it\u0027s not reporduced yet.\\n\\nFix this porblem by don\u0027t suspend the array for interrupted reshape,\\nthis is safe because conf won\u0027t be changed until reshape is done.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: No suspender la matriz por remodelaci\u00f3n interrumpida md_start_sync() suspender\u00e1 la matriz si hay repuestos que se pueden agregar o eliminar de conf, sin embargo, si la remodelaci\u00f3n a\u00fan est\u00e1 en marcha progreso, esto no suceder\u00e1 en absoluto o los datos se da\u00f1ar\u00e1n (no se llamar\u00e1 a remove_and_add_spares desde md_choose_sync_action para remodelar), por lo tanto, no hay necesidad de suspender la matriz si la remodelaci\u00f3n a\u00fan no se ha realizado. Mientras tanto, existe un posible punto muerto para raid456: 1) se interrumpe la remodelaci\u00f3n; 2) configure uno de los discos WantReplacement y agregue un nuevo disco a la matriz; sin embargo, la recuperaci\u00f3n no comenzar\u00e1 hasta que finalice la remodelaci\u00f3n; 3) luego emita una IO a trav\u00e9s de la posici\u00f3n de reshpae, esta IO esperar\u00e1 a que la remodelaci\u00f3n avance; 4) contin\u00fae remodelando, luego md_start_sync() encontr\u00f3 que hay un disco de repuesto que se puede agregar a conf, se llama a mddev_suspend(); Los pasos 4 y 3 se esperan el uno al otro y se activa el punto muerto. Observ\u00e9 que este problema se encuentra mediante la revisi\u00f3n del c\u00f3digo y a\u00fan no se ha informado. Solucione este problema al no suspender la matriz durante una remodelaci\u00f3n interrumpida, esto es seguro porque la configuraci\u00f3n no se cambiar\u00e1 hasta que finalice la remodelaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/60d6130d0ac1d883ed93c2a1e10aadb60967fd48\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9e46c70e829bddc24e04f963471e9983a11598b7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.