CVE-2024-35974

Summary

In the Linux kernel, the following vulnerability has been resolved:

block: fix q->blkg_list corruption during disk rebind

Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted.

Fix the list corruption issue by:

  • add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only
  • move calling blkg_init_queue() into blk_alloc_queue()

The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux81c1188905f88b77743d1fdeeedfc8cb7b67787d < b5dae1cd0d8368b4338430ff93403df67f0b8bccaffected
LinuxLinuxbfe46d2efe46c5c952f982e2ca94fe2ec5e58e2a < 083b58373463a6e5ee60ecb135269348f68ad7dfaffected
LinuxLinux1059699f87eb0b3aa9d574b91a572d534897134a < 740ffad95ca8033bd6e080ed337655b13b4d38acaffected
LinuxLinux1059699f87eb0b3aa9d574b91a572d534897134a < 858c489d81d659af17a4d11cfaad2afb42e47a76affected
LinuxLinux1059699f87eb0b3aa9d574b91a572d534897134a < 8b8ace080319a866f5dfe9da8e665ae51d971c54affected
LinuxLinux6.1.16 < 6.1.17affected
LinuxLinux6.2.3 < 6.2.4affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux6.1.17 <= 6.1.*unaffected
LinuxLinux6.2.4 <= 6.2.*unaffected
LinuxLinux6.6.28 <= 6.6.*unaffected
LinuxLinux6.8.7 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References