Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-39476
HistoryJul 05, 2024 - 7:15 a.m.

CVE-2024-39476

2024-07-0507:15:10
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
12
linux kernel
vulnerability
fix
raid5d
deadlock
hang
implementation
fix
md_check_recovery
reconfig_mutex

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING

Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with
small possibility, the root cause is exactly the same as commit
bed9e27baf52 (“Revert “md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d””)

However, Dan reported another hang after that, and junxiao investigated
the problem and found out that this is caused by plugged bio can’t issue
from raid5d().

Current implementation in raid5d() has a weird dependence:

  1. md_check_recovery() from raid5d() must hold ‘reconfig_mutex’ to clear
    MD_SB_CHANGE_PENDING;
  2. raid5d() handles IO in a deadloop, until all IO are issued;
  3. IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;

This behaviour is introduce before v2.6, and for consequence, if other
context hold ‘reconfig_mutex’, and md_check_recovery() can’t update
super_block, then raid5d() will waste one cpu 100% by the deadloop, until
‘reconfig_mutex’ is released.

Refer to the implementation from raid1 and raid10, fix this problem by
skipping issue IO if MD_SB_CHANGE_PENDING is still set after
md_check_recovery(), daemon thread will be woken up when ‘reconfig_mutex’
is released. Meanwhile, the hang problem will be fixed as well.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.14.19.316
OR
linuxlinux_kernelRange4.20.05.4.278
OR
linuxlinux_kernelRange5.5.05.10.219
OR
linuxlinux_kernelRange5.11.05.15.161
OR
linuxlinux_kernelRange5.16.06.1.94
OR
linuxlinux_kernelRange6.2.06.6.34
OR
linuxlinux_kernelRange6.7.06.9.5
OR
linuxlinux_kernelRange6.10.06.10-rc1

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/md/raid5.c"
    ],
    "versions": [
      {
        "version": "f3d55bd5b7b9",
        "lessThan": "b32aa95843ca",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1c00bb624cd0",
        "lessThan": "634ba3c97ec4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "782b3e71c957",
        "lessThan": "aa64464c8f4d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9e86dffd0b02",
        "lessThan": "098d54934814",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5e2cf333b7bd",
        "lessThan": "3f8d5e802d4c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5e2cf333b7bd",
        "lessThan": "cd2538e5af49",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5e2cf333b7bd",
        "lessThan": "e332a12f65d8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5e2cf333b7bd",
        "lessThan": "151f66bb618d",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/md/raid5.c"
    ],
    "versions": [
      {
        "version": "6.1",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.1",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.316",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.278",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.219",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.161",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.94",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.34",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.5",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
redhatcve 1
debiancve 1
cvelist
cvelist
CVE-2024-39476 md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
2024-07-05 06:55:06
nvd
nvd
CVE-2024-39476
2024-07-05 07:15:10
redhatcve
redhatcve
CVE-2024-39476
2024-07-05 09:52:48
debiancve
debiancve
CVE-2024-39476
2024-07-05 07:15:10

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON
Related for CVE-2024-39476
cvelist1nvd1redhatcve1debiancve1