CVE-2024-26775

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/04/2024
Last modified:
07/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> aoe: avoid potential deadlock at set_capacity<br /> <br /> Move set_capacity() outside of the section procected by (&amp;d-&gt;lock).<br /> To avoid possible interrupt unsafe locking scenario:<br /> <br /> CPU0 CPU1<br /> ---- ----<br /> [1] lock(&amp;bdev-&gt;bd_size_lock);<br /> local_irq_disable();<br /> [2] lock(&amp;d-&gt;lock);<br /> [3] lock(&amp;bdev-&gt;bd_size_lock);<br /> <br /> [4] lock(&amp;d-&gt;lock);<br /> <br /> *** DEADLOCK ***<br /> <br /> Where [1](&amp;bdev-&gt;bd_size_lock) hold by zram_add()-&gt;set_capacity().<br /> [2]lock(&amp;d-&gt;lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()<br /> is trying to acquire [3](&amp;bdev-&gt;bd_size_lock) at set_capacity() call.<br /> In this situation an attempt to acquire [4]lock(&amp;d-&gt;lock) from<br /> aoecmd_cfg_rsp() will lead to deadlock.<br /> <br /> So the simplest solution is breaking lock dependency<br /> [2](&amp;d-&gt;lock) -&gt; [3](&amp;bdev-&gt;bd_size_lock) by moving set_capacity()<br /> outside.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.80 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*