ghsa-vpr8-93r8-xj35
Vulnerability from github
Published
2024-05-20 12:30
Modified
2024-05-20 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

block: fix q->blkg_list corruption during disk rebind

Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted.

Fix the list corruption issue by:

  • add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only
  • move calling blkg_init_queue() into blk_alloc_queue()

The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn().

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-35974"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-20T10:15:12Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix q-\u003eblkg_list corruption during disk rebind\n\nMultiple gendisk instances can allocated/added for single request queue\nin case of disk rebind. blkg may still stay in q-\u003eblkg_list when calling\nblkcg_init_disk() for rebind, then q-\u003eblkg_list becomes corrupted.\n\nFix the list corruption issue by:\n\n- add blkg_init_queue() to initialize q-\u003eblkg_list \u0026 q-\u003eblkcg_mutex only\n- move calling blkg_init_queue() into blk_alloc_queue()\n\nThe list corruption should be started since commit f1c006f1c685 (\"blk-cgroup:\nsynchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()\")\nwhich delays removing blkg from q-\u003eblkg_list into blkg_free_workfn().",
  "id": "GHSA-vpr8-93r8-xj35",
  "modified": "2024-05-20T12:30:29Z",
  "published": "2024-05-20T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35974"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/740ffad95ca8033bd6e080ed337655b13b4d38ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/858c489d81d659af17a4d11cfaad2afb42e47a76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b8ace080319a866f5dfe9da8e665ae51d971c54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.