CVE-2024-26899
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26899
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26899.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26899
- Related
- Published
- 2024-04-17T11:15:10Z
- Modified
- 2024-09-18T03:26:05.233633Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bdlinkdisk_holder and partition scan
'openmutex' of gendisk is used to protect open/close block devices. But in bdlinkdiskholder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues.
When bdlinkdiskholder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold 'openmutex', such as scanning partitions, can cause deadlocks. For example, in raid:
T1 T2 bdevopenbydev lock openmutex [1] ... efipartition ... mdsubmitbio mdioctl mddevsyspend -> suspend all io mdaddnewdisk bindrdevtoarray bdlinkdiskholder try lock openmutex [2] mdhandlerequest -> wait mddevresume
T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.
Fix it by introducing a local mutex 'blkholdermutex' to replace 'open_mutex'.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.12-1