Lucene search

GoogleOSV:CVE-2024-45023

HistorySep 11, 2024 - 4:15 p.m.

CVE-2024-45023

2024-09-1116:15:07

Google

osv.dev

linux kernel

md/raid1

data corruption

slow disk

vulnerability fix

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix data corruption for degraded array with slow disk

read_balance() will avoid reading from slow disks as much as possible,
however, if valid data only lands in slow disks, and a new normal disk
is still in recovery, unrecovered data can be read:

raid1_read_request
read_balance
raid1_should_read_first
-> return false
choose_best_rdev
-> normal disk is not recovered, return -1
choose_bb_rdev
-> missing the checking of recovery, return the normal disk
-> read unrecovered data

Root cause is that the checking of recovery is missing in
choose_bb_rdev(). Hence add such checking to fix the problem.

Also fix similar problem in choose_slow_rdev().

References

git.kernel.org/stable/c/2febf5fdbf5d9a52ddc3e986971c8609b1582d67

git.kernel.org/stable/c/c916ca35308d3187c9928664f9be249b22a3a701

security-tracker.debian.org/tracker/CVE-2024-45023

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

JSON

Related for OSV:CVE-2024-45023