In the Linux kernel, the following vulnerability has been resolved:
md: Fix missing release of ‘active_io’ for flush
submit_flushes
atomic_set(&mddev->flush_pending, 1);
rdev_for_each_rcu(rdev, mddev)
atomic_inc(&mddev->flush_pending);
bi->bi_end_io = md_end_flush
submit_bio(bi);
/* flush io is done first */
md_end_flush
if (atomic_dec_and_test(&mddev->flush_pending))
percpu_ref_put(&mddev->active_io)
-> active_io is not released
if (atomic_dec_and_test(&mddev->flush_pending))
-> missing release of active_io
For consequence, mddev_suspend() will wait for ‘active_io’ to be zero
forever.
Fix this problem by releasing ‘active_io’ in submit_flushes() if
‘flush_pending’ is decreased to zero.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/md/md.c"
],
"versions": [
{
"version": "f9f2d957a8ea",
"lessThan": "6b2ff10390b1",
"status": "affected",
"versionType": "git"
},
{
"version": "530cec617f5a",
"lessThan": "02dad157ba11",
"status": "affected",
"versionType": "git"
},
{
"version": "c4c2345214b6",
"lessThan": "11f81438927f",
"status": "affected",
"versionType": "git"
},
{
"version": "fa2bbff7b0b4",
"lessThan": "855678ed8534",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/md/md.c"
],
"versions": [
{
"version": "6.1.75",
"lessThan": "6.1.80",
"status": "affected",
"versionType": "custom"
},
{
"version": "6.6.14",
"lessThan": "6.6.19",
"status": "affected",
"versionType": "custom"
},
{
"version": "6.7.2",
"lessThan": "6.7.7",
"status": "affected",
"versionType": "custom"
}
]
}
]