In the Linux kernel, the following vulnerability has been resolved:
md/dm-raid: don't call md_reap_sync_thread() directly
Currently md_reap_sync_thread() is called from raid_message() directly without holding 'reconfig_mutex'. This is definitely unsafe because md_reap_sync_thread() can change many fields that are protected by 'reconfig_mutex'.
However, holding 'reconfig_mutex' here is still problematic because this will cause a deadlock; see, for example, commit 130443d60b1b ("md: refactor idle/frozen_sync_thread() to fix deadlock").
Fix this problem by using stop_sync_thread() to unregister sync_thread, like md/raid did.
{ "vanir_signatures": [ { "digest": { "length": 1546.0, "function_hash": "332118063092859630542802745733215425590" }, "target": { "function": "raid_message", "file": "drivers/md/dm-raid.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@347dcdc15a1706f61aa545ae498ededdf31aeebc", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-35808-16aff309" }, { "digest": { "length": 1546.0, "function_hash": "332118063092859630542802745733215425590" }, "target": { "function": "raid_message", "file": "drivers/md/dm-raid.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9e59b8d76ff511505eb0dd1478329f09e0f04669", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-35808-1e0ba5a1" }, { "digest": { "line_hashes": [ "28792923330879859636646960075158794759", "308893630418600086071932494729428792858", "260148601151836969766580093989937779624", "158952615817667356414064763864954266659", "320396016427471467641870785984376251692", "337631543323694410775858061199106369695", "160939523037824334124685143166042829048", "200719321674781555782745970801830049371", "124074765374728020403311808151016341414", "285764913950295445577771298085704702954", "337107860733544554556604500741797309280", "264085254285694579324697382532274559528", "265319039787591874615403653836317621636", "171955581137312249693214285303297452472", "67506209711146397405042579910973642824", "104520757815589020062726511109577005756", "67309947093748017035025787678668150982" ], "threshold": 0.9 }, "target": { "file": "drivers/md/dm-raid.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@347dcdc15a1706f61aa545ae498ededdf31aeebc", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-35808-2e3c99dc" }, { "digest": { "line_hashes": [ "28792923330879859636646960075158794759", "308893630418600086071932494729428792858", 
"260148601151836969766580093989937779624", "158952615817667356414064763864954266659", "320396016427471467641870785984376251692", "337631543323694410775858061199106369695", "160939523037824334124685143166042829048", "200719321674781555782745970801830049371", "124074765374728020403311808151016341414", "285764913950295445577771298085704702954", "337107860733544554556604500741797309280", "264085254285694579324697382532274559528", "265319039787591874615403653836317621636", "171955581137312249693214285303297452472", "67506209711146397405042579910973642824", "104520757815589020062726511109577005756", "67309947093748017035025787678668150982" ], "threshold": 0.9 }, "target": { "file": "drivers/md/dm-raid.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9e59b8d76ff511505eb0dd1478329f09e0f04669", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-35808-b0ef66ef" } ] }