{
  "threat_severity" : "Low",
  "public_date" : "2024-05-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: dm-raid: really frozen sync_thread during suspend",
    "id" : "2281045",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2281045"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndm-raid: really frozen sync_thread during suspend\n1) commit f52f5c71f3d4 (\"md: fix stopping sync thread\") remove\nMD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that\ndm-raid relies on __md_stop_writes() to frozen sync_thread\nindirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\nmd_stop_writes(), and since stop_sync_thread() is only used for\ndm-raid in this case, also move stop_sync_thread() to\nmd_stop_writes().\n2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen,\nit only prevent new sync_thread to start, and it can't stop the\nrunning sync thread; In order to frozen sync_thread, after setting the\nflag, stop_sync_thread() should be used.\n3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use\nit as condition for md_stop_writes() in raid_postsuspend() doesn't\nlook correct. Consider that reentrant stop_sync_thread() do nothing,\nalways call md_stop_writes() in raid_postsuspend().\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at any time,\nand if MD_RECOVERY_FROZEN is cleared while the array is suspended,\nnew sync_thread can start unexpectedly. Fix this by disallow\nraid_message() to change sync_thread status during suspend.\nNote that after commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), the\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\nand with previous fixes, the test won't hang there anymore, however, the\ntest will still fail and complain that ext4 is corrupted. And with this\npatch, the test won't hang due to stop_sync_thread() or fail due to ext4\nis corrupted anymore. However, there is still a deadlock related to\ndm-raid456 that will be fixed in following patches.", "A hang flaw was found in the Linux kernel’s Raid (MD) subsystem. This flaw allows a local user to crash the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35794\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35794\nhttps://lore.kernel.org/linux-cve-announce/2024051709-CVE-2024-35794-f42d@gregkh/T" ],
  "name" : "CVE-2024-35794",
  "csaw" : false
}