CVE-2024-26899

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26899
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26899.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26899
Downstream
Related
Published
2024-04-17T10:27:49Z
Modified
2025-10-15T08:57:03.211908Z
Summary
block: fix deadlock between bd_link_disk_holder and partition scan
Details

In the Linux kernel, the following vulnerability has been resolved:

block: fix deadlock between bdlinkdisk_holder and partition scan

'openmutex' of gendisk is used to protect open/close block devices. But in bdlinkdiskholder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues.

When bdlinkdiskholder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold 'openmutex', such as scanning partitions, can cause deadlocks. For example, in raid:

T1 T2 bdevopenbydev lock openmutex [1] ... efipartition ... mdsubmitbio mdioctl mddevsyspend -> suspend all io mdaddnewdisk bindrdevtoarray bdlinkdiskholder try lock openmutex [2] mdhandlerequest -> wait mddevresume

T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.

Fix it by introducing a local mutex 'blkholdermutex' to replace 'open_mutex'.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1b0a2d950ee2a54aa04fb31ead32144be0bbf690
Fixed
1e5c5b0abaee7b62a10b9707a62083b71ad21f62
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1b0a2d950ee2a54aa04fb31ead32144be0bbf690
Fixed
5a87c1f7993bc8ac358a3766bac5dc7126e01e98
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1b0a2d950ee2a54aa04fb31ead32144be0bbf690
Fixed
03f12122b20b6e6028e9ed69030a49f9cffcbb75

Affected versions

v6.*

v6.6
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "144623170384012242488759726238556545828",
                    "295534047913237276863596253176300523503",
                    "240503958674240768827191040389591320829",
                    "15521143406422847981533786329738769946",
                    "231507180559358503172686420553661988998",
                    "104736496888728387649230642383029365138",
                    "129269318326685757762381687341406290715",
                    "133032899872722577065161251196668787388",
                    "289985304509443868609028138089495847082",
                    "176973930446137978842944552443118600727",
                    "115776093519466715734007399727207895186",
                    "211175471572417820206384985580396926287",
                    "302490667229333499782233352160677108555",
                    "191371299274519834867071620986009484874",
                    "211687946338251492351060252953984743447",
                    "185771762213787757763812153907247753371",
                    "255313784954902221942043212075373905379",
                    "175217339570051485386407880454249321183",
                    "192458195498824734875515962191775507439",
                    "241152791065385991170844158723178993261",
                    "204348906547774956431767052884387301737",
                    "47597651465976268310013758112434925370"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a87c1f7993bc8ac358a3766bac5dc7126e01e98",
            "target": {
                "file": "block/holder.c"
            },
            "id": "CVE-2024-26899-1c9d53a9",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1358.0,
                "function_hash": "310529392157510557566412927640281399007"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a87c1f7993bc8ac358a3766bac5dc7126e01e98",
            "target": {
                "file": "block/holder.c",
                "function": "bd_link_disk_holder"
            },
            "id": "CVE-2024-26899-1da4b7c9",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 485.0,
                "function_hash": "47767414462499993179111135991203067302"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e5c5b0abaee7b62a10b9707a62083b71ad21f62",
            "target": {
                "file": "block/holder.c",
                "function": "bd_unlink_disk_holder"
            },
            "id": "CVE-2024-26899-31e57af1",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1358.0,
                "function_hash": "310529392157510557566412927640281399007"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@03f12122b20b6e6028e9ed69030a49f9cffcbb75",
            "target": {
                "file": "block/holder.c",
                "function": "bd_link_disk_holder"
            },
            "id": "CVE-2024-26899-62bf74a4",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 485.0,
                "function_hash": "47767414462499993179111135991203067302"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@03f12122b20b6e6028e9ed69030a49f9cffcbb75",
            "target": {
                "file": "block/holder.c",
                "function": "bd_unlink_disk_holder"
            },
            "id": "CVE-2024-26899-77cedc5a",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "144623170384012242488759726238556545828",
                    "295534047913237276863596253176300523503",
                    "240503958674240768827191040389591320829",
                    "15521143406422847981533786329738769946",
                    "231507180559358503172686420553661988998",
                    "104736496888728387649230642383029365138",
                    "129269318326685757762381687341406290715",
                    "133032899872722577065161251196668787388",
                    "289985304509443868609028138089495847082",
                    "176973930446137978842944552443118600727",
                    "115776093519466715734007399727207895186",
                    "211175471572417820206384985580396926287",
                    "302490667229333499782233352160677108555",
                    "191371299274519834867071620986009484874",
                    "211687946338251492351060252953984743447",
                    "185771762213787757763812153907247753371",
                    "255313784954902221942043212075373905379",
                    "175217339570051485386407880454249321183",
                    "192458195498824734875515962191775507439",
                    "241152791065385991170844158723178993261",
                    "204348906547774956431767052884387301737",
                    "47597651465976268310013758112434925370"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@03f12122b20b6e6028e9ed69030a49f9cffcbb75",
            "target": {
                "file": "block/holder.c"
            },
            "id": "CVE-2024-26899-84029ff7",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 485.0,
                "function_hash": "47767414462499993179111135991203067302"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a87c1f7993bc8ac358a3766bac5dc7126e01e98",
            "target": {
                "file": "block/holder.c",
                "function": "bd_unlink_disk_holder"
            },
            "id": "CVE-2024-26899-adc9d042",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1358.0,
                "function_hash": "310529392157510557566412927640281399007"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e5c5b0abaee7b62a10b9707a62083b71ad21f62",
            "target": {
                "file": "block/holder.c",
                "function": "bd_link_disk_holder"
            },
            "id": "CVE-2024-26899-b3be1678",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "144623170384012242488759726238556545828",
                    "295534047913237276863596253176300523503",
                    "240503958674240768827191040389591320829",
                    "15521143406422847981533786329738769946",
                    "231507180559358503172686420553661988998",
                    "104736496888728387649230642383029365138",
                    "129269318326685757762381687341406290715",
                    "133032899872722577065161251196668787388",
                    "289985304509443868609028138089495847082",
                    "176973930446137978842944552443118600727",
                    "115776093519466715734007399727207895186",
                    "211175471572417820206384985580396926287",
                    "302490667229333499782233352160677108555",
                    "191371299274519834867071620986009484874",
                    "211687946338251492351060252953984743447",
                    "185771762213787757763812153907247753371",
                    "255313784954902221942043212075373905379",
                    "175217339570051485386407880454249321183",
                    "192458195498824734875515962191775507439",
                    "241152791065385991170844158723178993261",
                    "204348906547774956431767052884387301737",
                    "47597651465976268310013758112434925370"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e5c5b0abaee7b62a10b9707a62083b71ad21f62",
            "target": {
                "file": "block/holder.c"
            },
            "id": "CVE-2024-26899-f9cd1640",
            "signature_type": "Line"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.11
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.2