CVE-2024-45023

Summary

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix data corruption for degraded array with slow disk

read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrecovered data can be read:

raid1_read_request read_balance raid1_should_read_first -> return false choose_best_rdev -> normal disk is not recovered, return -1 choose_bb_rdev -> missing the checking of recovery, return the normal disk -> read unrecovered data

Root cause is that the checking of recovery is missing in choose_bb_rdev(). Hence add such checking to fix the problem.

Also fix similar problem in choose_slow_rdev().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdfa8ecd167c1753d4fc24a517e1d79c603183c94 < 2febf5fdbf5d9a52ddc3e986971c8609b1582d67affected
LinuxLinuxdfa8ecd167c1753d4fc24a517e1d79c603183c94 < c916ca35308d3187c9928664f9be249b22a3a701affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.10.7 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References