CVE-2024-38598
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix resync softlockup when bitmap size is less than array size
Is is reported that for dm-raid10, lvextend + lvchange –syncaction will trigger following softlockup:
kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976] CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1 RIP: 0010:_raw_spin_unlock_irq+0x13/0x30 Call Trace: <TASK> md_bitmap_start_sync+0x6b/0xf0 raid10_sync_request+0x25c/0x1b40 [raid10] md_do_sync+0x64b/0x1020 md_thread+0xa7/0x170 kthread+0xcf/0x100 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1a/0x30
And the detailed process is as follows:
md_do_sync j = mddev->resync_min while (j < max_sectors) sectors = raid10_sync_request(mddev, j, &skipped) if (!md_bitmap_start_sync(…, &sync_blocks)) // md_bitmap_start_sync set sync_blocks to 0 return sync_blocks + sectors_skippe; // sectors = 0; j += sectors; // j never change
Root cause is that commit 301867b1c168 ("md/raid10: check slab-out-of-bounds in md_bitmap_get_counter") return early from md_bitmap_get_counter(), without setting returned blocks.
Fix this problem by always set returned blocks from md_bitmap_get_counter"(), as it used to be.
Noted that this patch just fix the softlockup problem in kernel, the case that bitmap size doesn't match array size still need to be fixed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 374fb914304d9b500721007f3837ea8f1f9a2418 < d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798 | affected |
| Linux | Linux | b0b971fe7d61411ede63c3291764dbde1577ef2c < 43771597feba89a839c5f893716df88ae5c237ce | affected |
| Linux | Linux | 39fa14e824acfd470db4f42c354297456bd82b53 < 3f5b73ef8fd6268cbc968b308d8eafe56fda97f3 | affected |
| Linux | Linux | a134dd582c0d5b6068efa308bd485cf1d00b3f65 < 69296914bfd508c85935bf5f711cad9b0fe78492 | affected |
| Linux | Linux | be1a3ec63a840cc9e59a033acf154f56255699a1 < 71e8e4f288e74a896b6d9cd194f3bab12bd7a10f | affected |
| Linux | Linux | 301867b1c16805aebbc306aafa6ecdc68b73c7e5 < c9566b812c8f66160466cc1e29df6d3646add0b1 | affected |
| Linux | Linux | 301867b1c16805aebbc306aafa6ecdc68b73c7e5 < 5817f43ae1a118855676f57ef7ab50e37eac7482 | affected |
| Linux | Linux | 301867b1c16805aebbc306aafa6ecdc68b73c7e5 < 8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b | affected |
| Linux | Linux | 301867b1c16805aebbc306aafa6ecdc68b73c7e5 < f0e729af2eb6bee9eb58c4df1087f14ebaefe26b | affected |
| Linux | Linux | 152bb26796ff054af50b2ee1b3ca56e364e4f61b | affected |
| Linux | Linux | bea301c046110bf421a3ce153fb868cb8d618e90 | affected |
| Linux | Linux | 4.19.291 < 4.19.316 | affected |
| Linux | Linux | 5.4.251 < 5.4.278 | affected |
| Linux | Linux | 5.10.188 < 5.10.219 | affected |
| Linux | Linux | 5.15.121 < 5.15.161 | affected |
| Linux | Linux | 6.1.39 < 6.1.93 | affected |
| Linux | Linux | 6.3.13 < 6.4 | affected |
| Linux | Linux | 6.4.4 < 6.5 | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 4.19.316 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.278 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.219 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.161 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.93 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.33 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.12 <= 6.8.* | unaffected |
| Linux | Linux | 6.9.3 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798
- https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce
- https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3
- https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492
- https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f
- https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1
- https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482
- https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b
- https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
References
- https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798
- https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce
- https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3
- https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492
- https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f
- https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1
- https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482
- https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b
- https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.