CVE-2024-38384

Summary

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: fix list corruption from reorder of WRITE ->lqueued

__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed.

If WRITE of ->lqueued is re-ordered with READ of 'bisc->lnode.next' in the loop of __blkcg_rstat_flush(), next_bisc can be assigned with one stat instance being added in blk_cgroup_bio_start(), then the local list in __blkcg_rstat_flush() could be corrupted.

Fix the issue by adding one barrier.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3b8cc6298724021da845f2f9fd7dd4b6829a6817 < 714e59b5456e4d6e4295a9968c564abe193f461caffected
LinuxLinux3b8cc6298724021da845f2f9fd7dd4b6829a6817 < 785298ab6b802afa75089239266b6bbea590809caffected
LinuxLinux3b8cc6298724021da845f2f9fd7dd4b6829a6817 < d0aac2363549e12cc79b8e285f13d5a9f42fd08eaffected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.9.4 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References