csaf_microsoft - msrc_cve-2024-35794

MSRC_CVE-2024-35794

Vulnerability from csaf_microsoft - Published: 2024-05-02 07:00 - Updated: 2025-12-07 01:36

Summary

dm-raid: really frozen sync_thread during suspend

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-35794 dm-raid: really frozen sync_thread during suspend - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-35794.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "dm-raid: really frozen sync_thread during suspend",
    "tracking": {
      "current_release_date": "2025-12-07T01:36:12.000Z",
      "generator": {
        "date": "2025-12-07T10:04:23.712Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-35794",
      "initial_release_date": "2024-05-02T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-11T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-12-07T01:36:12.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "8"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "16989"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.22.1-2",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.22.1-2",
                  "product_id": "6"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.22.1-2",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.22.1-2",
                  "product_id": "17785"
                }
              }
            ],
            "category": "product_name",
            "name": "hyperv-daemons"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.96.2-2",
                "product": {
                  "name": "azl3 kernel 6.6.96.2-2",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 kernel 5.15.186.1-1",
                "product": {
                  "name": "cbl2 kernel 5.15.186.1-1",
                  "product_id": "7"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.104.2-4",
                "product": {
                  "name": "azl3 kernel 6.6.104.2-4",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.112.1-2",
                "product": {
                  "name": "azl3 kernel 6.6.112.1-2",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.117.1-1",
                "product": {
                  "name": "azl3 kernel 6.6.117.1-1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "16989-17084"
        },
        "product_reference": "16989",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.96.2-2 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kernel 5.15.186.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.104.2-4 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.112.1-2 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.117.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.22.1-2 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.22.1-2 as a component of Azure Linux 3.0",
          "product_id": "17785-17084"
        },
        "product_reference": "17785",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-35794",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16989-17084",
          "17785-17084"
        ],
        "known_affected": [
          "17084-8",
          "17084-4",
          "17086-7",
          "17084-3",
          "17084-2",
          "17084-1",
          "17084-6"
        ],
        "under_investigation": [
          "17084-5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35794 dm-raid: really frozen sync_thread during suspend - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-35794.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-4"
          ]
        },
        {
          "category": "none_available",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-7"
          ]
        },
        {
          "category": "none_available",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-3"
          ]
        },
        {
          "category": "none_available",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-2"
          ]
        },
        {
          "category": "none_available",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "6.6.35.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-8",
            "17084-6"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "dm-raid: really frozen sync_thread during suspend"
    }
  ]
}

CVE-2024-35794 (GCVE-0-2024-35794)

Vulnerability from cvelistv5 – Published: 2024-05-17 12:25 – Updated: 2025-05-04 09:05

Title

dm-raid: really frozen sync_thread during suspend

Summary

In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes(). 2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen, it only prevent new sync_thread to start, and it can't stop the running sync thread; In order to frozen sync_thread, after seting the flag, stop_sync_thread() should be used. 3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use it as condition for md_stop_writes() in raid_postsuspend() doesn't look correct. Consider that reentrant stop_sync_thread() do nothing, always call md_stop_writes() in raid_postsuspend(). 4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime, and if MD_RECOVERY_FROZEN is cleared while the array is suspended, new sync_thread can start unexpected. Fix this by disallow raid_message() to change sync_thread status during suspend. Note that after commit f52f5c71f3d4 ("md: fix stopping sync thread"), the test shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(), and with previous fixes, the test won't hang there anymore, however, the test will still fail and complain that ext4 is corrupted. And with this patch, the test won't hang due to stop_sync_thread() or fail due to ext4 is corrupted anymore. However, there is still a deadlock related to dm-raid456 that will be fixed in following patches.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/af916cb66a80597f3…
	https://git.kernel.org/stable/c/eaa8fc9b092837cf2…
	https://git.kernel.org/stable/c/16c4770c75b122399…

Impacted products

Vendor

Product

Version

Linux

Affected: 9dbd1aa3a81c6166608fec87994b6c464701f73a , < af916cb66a80597f3523bc85812e790bcdcfd62b (git)
Affected: 9dbd1aa3a81c6166608fec87994b6c464701f73a , < eaa8fc9b092837cf2c754bde1a15d784ce9a85ab (git)
Affected: 9dbd1aa3a81c6166608fec87994b6c464701f73a , < 16c4770c75b1223998adbeb7286f9a15c65fba73 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:13:16.470118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:11.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-raid.c",
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "af916cb66a80597f3523bc85812e790bcdcfd62b",
              "status": "affected",
              "version": "9dbd1aa3a81c6166608fec87994b6c464701f73a",
              "versionType": "git"
            },
            {
              "lessThan": "eaa8fc9b092837cf2c754bde1a15d784ce9a85ab",
              "status": "affected",
              "version": "9dbd1aa3a81c6166608fec87994b6c464701f73a",
              "versionType": "git"
            },
            {
              "lessThan": "16c4770c75b1223998adbeb7286f9a15c65fba73",
              "status": "affected",
              "version": "9dbd1aa3a81c6166608fec87994b6c464701f73a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-raid.c",
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: really frozen sync_thread during suspend\n\n1) commit f52f5c71f3d4 (\"md: fix stopping sync thread\") remove\n   MD_RECOVERY_FROZEN from __md_stop_writes() and doesn\u0027t realize that\n   dm-raid relies on __md_stop_writes() to frozen sync_thread\n   indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\n   md_stop_writes(), and since stop_sync_thread() is only used for\n   dm-raid in this case, also move stop_sync_thread() to\n   md_stop_writes().\n2) The flag MD_RECOVERY_FROZEN doesn\u0027t mean that sync thread is frozen,\n   it only prevent new sync_thread to start, and it can\u0027t stop the\n   running sync thread; In order to frozen sync_thread, after seting the\n   flag, stop_sync_thread() should be used.\n3) The flag MD_RECOVERY_FROZEN doesn\u0027t mean that writes are stopped, use\n   it as condition for md_stop_writes() in raid_postsuspend() doesn\u0027t\n   look correct. Consider that reentrant stop_sync_thread() do nothing,\n   always call md_stop_writes() in raid_postsuspend().\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime,\n   and if MD_RECOVERY_FROZEN is cleared while the array is suspended,\n   new sync_thread can start unexpected. Fix this by disallow\n   raid_message() to change sync_thread status during suspend.\n\nNote that after commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), the\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\nand with previous fixes, the test won\u0027t hang there anymore, however, the\ntest will still fail and complain that ext4 is corrupted. And with this\npatch, the test won\u0027t hang due to stop_sync_thread() or fail due to ext4\nis corrupted anymore. However, there is still a deadlock related to\ndm-raid456 that will be fixed in following patches."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:05:33.895Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73"
        }
      ],
      "title": "dm-raid: really frozen sync_thread during suspend",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35794",
    "datePublished": "2024-05-17T12:25:00.111Z",
    "dateReserved": "2024-05-17T12:19:12.339Z",
    "dateUpdated": "2025-05-04T09:05:33.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2024-35794

CVE-2024-35794 (GCVE-0-2024-35794)

Tags

Sightings

Nomenclature