CVE-2023-53848

Summary

In the Linux kernel, the following vulnerability has been resolved:

md/raid5-cache: fix a deadlock in r5l_exit_log()

Commit b13015af94cf ("md/raid5-cache: Clear conf->log after finishing work") introduce a new problem:

// caller hold reconfig_mutex r5l_exit_log flush_work(&log->disable_writeback_work) r5c_disable_writeback_async wait_event /* * conf->log is not NULL, and mddev_trylock() * will fail, wait_event() can never pass. */ conf->log = NULL

Fix this problem by setting 'config->log' to NULL before wake_up() as it used to be, so that wait_event() from r5c_disable_writeback_async() can exist. In the meantime, move forward md_unregister_thread() so that null-ptr-deref this commit fixed can still be fixed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb13015af94cf405f73ff64ce0797269554020c37 < ac9e103f282a7854f3274ef5ff0742fbbe8d7d6baffected
LinuxLinuxb13015af94cf405f73ff64ce0797269554020c37 < 71cf23271f015a57038bdc4669952096f9fe5500affected
LinuxLinuxb13015af94cf405f73ff64ce0797269554020c37 < c406984738215dc20ac2dc63e49d70f20797730eaffected
LinuxLinuxb13015af94cf405f73ff64ce0797269554020c37 < a705b11b358dee677aad80630e7608b2d5f56691affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.53 <= 6.1.*unaffected
LinuxLinux6.4.16 <= 6.4.*unaffected
LinuxLinux6.5.3 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References