{ "threat_severity" : "Moderate", "public_date" : "2024-06-19T00:00:00Z", "bugzilla" : { "description" : "kernel: md: fix resync softlockup when bitmap size is less than array size", "id" : "2293367", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2293367" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-667", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmd: fix resync softlockup when bitmap size is less than array size\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n\nmd_bitmap_start_sync+0x6b/0xf0\nraid10_sync_request+0x25c/0x1b40 [raid10]\nmd_do_sync+0x64b/0x1020\nmd_thread+0xa7/0x170\nkthread+0xcf/0x100\nret_from_fork+0x30/0x50\nret_from_fork_asm+0x1a/0x30\nAnd the detailed process is as follows:\nmd_do_sync\nj = mddev->resync_min\nwhile (j < max_sectors)\nsectors = raid10_sync_request(mddev, j, &skipped)\nif (!md_bitmap_start_sync(..., &sync_blocks))\n// md_bitmap_start_sync set sync_blocks to 0\nreturn sync_blocks + sectors_skippe;\n// sectors = 0;\nj += sectors;\n// j never change\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn't match array size still need to be fixed." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-08-08T00:00:00Z", "advisory" : "RHSA-2024:5101", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.16.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6993", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.74.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0057", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.50.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-38598\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38598\nhttps://lore.kernel.org/linux-cve-announce/2024061956-CVE-2024-38598-8629@gregkh/T" ], "name" : "CVE-2024-38598", "csaw" : false }