CVE-2024-26775

Source
https://cve.org/CVERecord?id=CVE-2024-26775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26775
Downstream
Related
Published
2024-04-03T17:01:01.299Z
Modified
2026-03-23T05:09:11.885728291Z
Summary
aoe: avoid potential deadlock at set_capacity
Details

In the Linux kernel, the following vulnerability has been resolved:

aoe: avoid potential deadlock at set_capacity

Move set_capacity() outside of the section protected by (&d->lock). To avoid possible interrupt unsafe locking scenario:

    CPU0                    CPU1
    ----                    ----
    [1] lock(&bdev->bd_size_lock);
                            local_irq_disable();
                            [2] lock(&d->lock);
                            [3] lock(&bdev->bd_size_lock);
    <Interrupt>
    [4] lock(&d->lock);

    *** DEADLOCK ***

Where [1] lock(&bdev->bd_size_lock) is held by zram_add()->set_capacity(). [2] lock(&d->lock) is held by aoeblk_gdalloc(). And aoeblk_gdalloc() is trying to acquire [3] lock(&bdev->bd_size_lock) at the set_capacity() call. In this situation an attempt to acquire [4] lock(&d->lock) from aoecmd_cfg_rsp() will lead to deadlock.

So the simplest solution is breaking lock dependency [2] lock(&d->lock) -> [3] lock(&bdev->bd_size_lock) by moving set_capacity() outside.
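
The locking rule behind the scenario above, as an added example that is not part of the CVE record or the kernel patch: a toy lockdep-style model that replays acquisitions [1] to [4] and flags a lock taken from interrupt context that depends on a lock also taken with interrupts enabled. The model, its function names and the assumption that the moved set_capacity() call runs with interrupts enabled again are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added illustration: a toy lockdep-style model, not kernel or aoe code. */
enum { NONE = -1, D_LOCK, BD_SIZE_LOCK, NLOCKS };

struct model {
    bool used_in_irq[NLOCKS];   /* lock was taken from interrupt context */
    bool taken_irqs_on[NLOCKS]; /* lock was taken with interrupts enabled */
    bool dep[NLOCKS][NLOCKS];   /* dep[a][b]: b was acquired while a was held */
};

/* Record one acquisition of `l` while `held` (or NONE) is already held. */
static void acquire(struct model *m, int l, int held, bool in_irq, bool irqs_on)
{
    if (in_irq)
        m->used_in_irq[l] = true;
    else if (irqs_on)
        m->taken_irqs_on[l] = true;
    if (held != NONE)
        m->dep[held][l] = true;
}

/* Replays the call paths named above; true means a lock taken from interrupt
 * context has a dependency on a lock that is also taken with irqs enabled. */
bool irq_unsafe_dependency(bool set_capacity_under_d_lock)
{
    struct model m = {0};
    acquire(&m, BD_SIZE_LOCK, NONE, false, true);  /* [1] zram_add()->set_capacity() */
    acquire(&m, D_LOCK, NONE, true, false);        /* [4] aoecmd_cfg_rsp() */
    acquire(&m, D_LOCK, NONE, false, false);       /* [2] aoeblk_gdalloc(), irqs off */
    if (set_capacity_under_d_lock)                 /* [3] before the fix */
        acquire(&m, BD_SIZE_LOCK, D_LOCK, false, false);
    else                                           /* after: d->lock dropped, irqs on */
        acquire(&m, BD_SIZE_LOCK, NONE, false, true);
    for (int a = 0; a < NLOCKS; a++)
        for (int b = 0; b < NLOCKS; b++)
            if (m.dep[a][b] && m.used_in_irq[a] && m.taken_irqs_on[b])
                return true;
    return false;
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n",
           irq_unsafe_dependency(true), irq_unsafe_dependency(false));
    return 0;
}
```

With set_capacity() inside the d->lock section the model reports the [2] -> [3] dependency; with the call moved outside, no dependency edge is recorded and the check passes.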

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26775.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a782483cc1f875355690625d8253a232f2581418
Fixed
2499fa286fb010ceb289950050199f33c26667b9
Fixed
2d623c94fbba3554f4446ba6f3c764994e8b0d26
Fixed
673629018ba04906899dcb631beec34d871f709c
Fixed
19a77b27163820f793b4d022979ffdca8f659b77
Fixed
e169bd4fb2b36c4b2bee63c35c740c85daeb2e86

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26775.json"