CVE-2023-54324

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dm: fix a race condition in retrieve_deps<br /> <br /> There&amp;#39;s a race condition in the multipath target when retrieve_deps<br /> races with multipath_message calling dm_get_device and dm_put_device.<br /> retrieve_deps walks the list of open devices without holding any lock<br /> but multipath may add or remove devices to the list while it is<br /> running. The end result may be memory corruption or use-after-free<br /> memory access.<br /> <br /> See this description of a UAF with multipath_message():<br /> https://listman.redhat.com/archives/dm-devel/2022-October/052373.html<br /> <br /> Fix this bug by introducing a new rw semaphore "devices_lock". We grab<br /> devices_lock for read in retrieve_deps and we grab it for write in<br /> dm_get_device and dm_put_device.