{"timestamp":"2024-04-04T15:44:46.004126Z","id":"CVE-2024-26758","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/md.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"68866e425be2ef2664aa5c691bb3ab789736acf5","lessThan":"a55f0d6179a19c6b982e2dc344d58c98647a3be0","versionType":"git","status":"affected"},{"version":"68866e425be2ef2664aa5c691bb3ab789736acf5","lessThan":"1baae052cccd08daf9a9d64c3f959d8cdb689757","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/md.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.0","status":"affected"},{"version":"0","lessThan":"3.0","versionType":"semver","status":"unaffected"},{"version":"6.7.7","lessThanOrEqual":"6.7.*","versionType":"semver","status":"unaffected"},{"version":"6.8","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

OR
          *cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.0 up to (excluding) 6.7.7

CVE: https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757 Types: Patch

CVE: https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0 Types: Patch

kernel.org: https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757 Types: Patch

kernel.org: https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0 Types: Patch

https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757

https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0

CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA-ADP CWE-129

In the Linux kernel, the following vulnerability has been resolved:

md: Don't ignore suspended array in md_check_recovery()

mddev_suspend() never stop sync_thread, hence it doesn't make sense to
ignore suspended array in md_check_recovery(), which might cause
sync_thread can't be unregistered.

After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following
hang can be triggered by test shell/integrity-caching.sh:

1) suspend the array:
raid_postsuspend
 mddev_suspend

2) stop the array:
raid_dtr
 md_stop
  __md_stop_writes
   stop_sync_thread
    set_bit(MD_RECOVERY_INTR, &mddev->recovery);
    md_wakeup_thread_directly(mddev->sync_thread);
    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))

3) sync thread done:
md_do_sync
 set_bit(MD_RECOVERY_DONE, &mddev->recovery);
 md_wakeup_thread(mddev->thread);

4) daemon thread can't unregister sync thread:
md_check_recovery
 if (mddev->suspended)
   return; -> return directly
 md_read_sync_thread
 clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
 -> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;

This problem is not just related to dm-raid, fix it by ignoring
suspended array in md_check_recovery(). And follow up patches will
improve dm-raid better to frozen sync thread during suspend.

kernel.org https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757 [No types assigned]

kernel.org https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0 [No types assigned]