ghsa-93q3-24jj-x39c
Vulnerability from github
Published
2024-05-01 15:30
Modified
2024-05-01 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

md: Fix missing release of 'active_io' for flush

submit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); / flush io is done first / md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io is not released

if (atomic_dec_and_test(&mddev->flush_pending)) -> missing release of active_io

For consequence, mddev_suspend() will wait for 'active_io' to be zero forever.

Fix this problem by releasing 'active_io' in submit_flushes() if 'flush_pending' is decreased to zero.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-27023"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T13:15:48Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Fix missing release of \u0027active_io\u0027 for flush\n\nsubmit_flushes\n atomic_set(\u0026mddev-\u003eflush_pending, 1);\n rdev_for_each_rcu(rdev, mddev)\n  atomic_inc(\u0026mddev-\u003eflush_pending);\n  bi-\u003ebi_end_io = md_end_flush\n  submit_bio(bi);\n                        /* flush io is done first */\n                        md_end_flush\n                         if (atomic_dec_and_test(\u0026mddev-\u003eflush_pending))\n                          percpu_ref_put(\u0026mddev-\u003eactive_io)\n                          -\u003e active_io is not released\n\n if (atomic_dec_and_test(\u0026mddev-\u003eflush_pending))\n  -\u003e missing release of active_io\n\nFor consequence, mddev_suspend() will wait for \u0027active_io\u0027 to be zero\nforever.\n\nFix this problem by releasing \u0027active_io\u0027 in submit_flushes() if\n\u0027flush_pending\u0027 is decreased to zero.",
  "id": "GHSA-93q3-24jj-x39c",
  "modified": "2024-05-01T15:30:34Z",
  "published": "2024-05-01T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27023"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02dad157ba11064d073f5499dc33552b227d5d3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11f81438927f84edfaaeb5d5f10856c3a1c1fc82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b2ff10390b19a2364af622b6666b690443f9f3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/855678ed8534518e2b428bcbcec695de9ba248e8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.