CVE-2024-27023
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2024
Last modified:
18/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
md: Fix missing release of &#39;active_io&#39; for flush<br />
<br />
submit_flushes<br />
atomic_set(&mddev->flush_pending, 1);<br />
rdev_for_each_rcu(rdev, mddev)<br />
atomic_inc(&mddev->flush_pending);<br />
bi->bi_end_io = md_end_flush<br />
submit_bio(bi);<br />
/* flush io is done first */<br />
md_end_flush<br />
if (atomic_dec_and_test(&mddev->flush_pending))<br />
percpu_ref_put(&mddev->active_io)<br />
-> active_io is not released<br />
<br />
if (atomic_dec_and_test(&mddev->flush_pending))<br />
-> missing release of active_io<br />
<br />
For consequence, mddev_suspend() will wait for &#39;active_io&#39; to be zero<br />
forever.<br />
<br />
Fix this problem by releasing &#39;active_io&#39; in submit_flushes() if<br />
&#39;flush_pending&#39; is decreased to zero.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.75 (including) | 6.1.80 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.14 (including) | 6.6.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7.2 (including) | 6.7.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/02dad157ba11064d073f5499dc33552b227d5d3a
- https://git.kernel.org/stable/c/11f81438927f84edfaaeb5d5f10856c3a1c1fc82
- https://git.kernel.org/stable/c/6b2ff10390b19a2364af622b6666b690443f9f3f
- https://git.kernel.org/stable/c/855678ed8534518e2b428bcbcec695de9ba248e8
- https://git.kernel.org/stable/c/02dad157ba11064d073f5499dc33552b227d5d3a
- https://git.kernel.org/stable/c/11f81438927f84edfaaeb5d5f10856c3a1c1fc82
- https://git.kernel.org/stable/c/6b2ff10390b19a2364af622b6666b690443f9f3f
- https://git.kernel.org/stable/c/855678ed8534518e2b428bcbcec695de9ba248e8



