Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-27023HistoryMay 01, 2024 - 1:15 p.m.
CVE-2024-27023
2024-05-0113:15:48
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
5
linux kernel
vulnerability
cve-2024-27023
'active_io'
flush_pending
mddev_suspend
In the Linux kernel, the following vulnerability has been resolved:
md: Fix missing release of ‘active_io’ for flush
submit_flushes
atomic_set(&mddev->flush_pending, 1);
rdev_for_each_rcu(rdev, mddev)
atomic_inc(&mddev->flush_pending);
bi->bi_end_io = md_end_flush
submit_bio(bi);
/* flush io is done first */
md_end_flush
if (atomic_dec_and_test(&mddev->flush_pending))
percpu_ref_put(&mddev->active_io)
-> active_io is not released
if (atomic_dec_and_test(&mddev->flush_pending))
-> missing release of active_io
For consequence, mddev_suspend() will wait for ‘active_io’ to be zero
forever.
Fix this problem by releasing ‘active_io’ in submit_flushes() if
‘flush_pending’ is decreased to zero.
Related
osv
osv
CVE-2024-27023
2024-05-01 13:15:00
vulnrichment
vulnrichment
CVE-2024-27023 md: Fix missing release of 'active_io' for flush
2024-05-01 12:49:21
cve
cve
CVE-2024-27023
2024-05-01 13:15:48
redhatcve
redhatcve
CVE-2024-27023
2024-05-01 21:23:39
ubuntucve
ubuntucve
CVE-2024-27023
2024-05-01 00:00:00
debiancve
debiancve
CVE-2024-27023
2024-05-01 13:15:48
cvelist
cvelist
CVE-2024-27023 md: Fix missing release of 'active_io' for flush
2024-05-01 12:49:21
nessus
nessus
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-603)
2024-04-29 00:00:00
RHEL 6 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00