CVE-2024-26880
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
17/04/2024
Last modified:
23/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

dm: call the resume method on internal suspend

There is this reported crash when experimenting with the lvm2 testsuite.
The list corruption is caused by the fact that the postsuspend and resume
methods were not paired correctly; there were two consecutive calls to the
origin_postsuspend function. The second call attempts to remove the
"hash_list" entry from a list, while it was already removed by the first
call.

Fix __dm_internal_resume so that it calls the preresume and resume
methods of the table's targets.

If a preresume method of some target fails, we are in a tricky situation.
We can't return an error because dm_internal_resume isn't supposed to
return errors. We can't return success, because then the "resume" and
"postsuspend" methods would not be paired correctly. So, we set the
DMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace
tools, but it won't cause a kernel crash.

```
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:56!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
RIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0

RSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282
RAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff
RBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058
R10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001
R13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0
FS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0
Call Trace:

? die+0x2d/0x80
? do_trap+0xeb/0xf0
? __list_del_entry_valid_or_report+0x77/0xc0
? do_error_trap+0x60/0x80
? __list_del_entry_valid_or_report+0x77/0xc0
? exc_invalid_op+0x49/0x60
? __list_del_entry_valid_or_report+0x77/0xc0
? asm_exc_invalid_op+0x16/0x20
? table_deps+0x1b0/0x1b0 [dm_mod]
? __list_del_entry_valid_or_report+0x77/0xc0
origin_postsuspend+0x1a/0x50 [dm_snapshot]
dm_table_postsuspend_targets+0x34/0x50 [dm_mod]
dm_suspend+0xd8/0xf0 [dm_mod]
dev_suspend+0x1f2/0x2f0 [dm_mod]
? table_deps+0x1b0/0x1b0 [dm_mod]
ctl_ioctl+0x300/0x5f0 [dm_mod]
dm_compat_ctl_ioctl+0x7/0x10 [dm_mod]
__x64_compat_sys_ioctl+0x104/0x170
do_syscall_64+0x184/0x1b0
entry_SYSCALL_64_after_hwframe+0x46/0x4e
RIP: 0033:0xf7e6aead

---[ end trace 0000000000000000 ]---
```
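
The pairing failure described above, as a userspace C model added here (it is not kernel code and not part of the patch). `run_sequence`, `user_suspend`, the `fixed` and `preresume_fails` switches, and the simplified unlink check with NULL as poison are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; NULL stands in for the kernel's list poison values. */
struct list_head { struct list_head *next, *prev; };
struct mapped_dev { struct list_head hash_list; bool suspended; int internal_count; };
static struct list_head origins;  /* list that holds the target's hash_list entry */
static int bad_unlinks;           /* each one models a BUG in lib/list_debug.c */

static void origin_resume(struct list_head *e) {
    e->next = origins.next; e->prev = &origins;
    origins.next->prev = e; origins.next = e;
}
static void origin_postsuspend(struct list_head *e) {
    /* Checked unlink: an entry that is no longer linked is reported, not unlinked. */
    if (!e->next || e->next->prev != e || e->prev->next != e) { bad_unlinks++; return; }
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = e->prev = NULL;
}
static void internal_suspend(struct mapped_dev *md) {
    if (!md->internal_count++ && !md->suspended)
        origin_postsuspend(&md->hash_list);
}
static void internal_resume(struct mapped_dev *md, bool fixed, bool preresume_fails) {
    if (--md->internal_count || md->suspended) return;
    if (!fixed) return;                 /* old behaviour: resume is never called */
    if (preresume_fails) { md->suspended = true; return; } /* fake a normal suspend */
    origin_resume(&md->hash_list);      /* pairs with the earlier postsuspend */
}
static void user_suspend(struct mapped_dev *md) {   /* models the dmsetup ioctl path */
    if (md->suspended) return;
    origin_postsuspend(&md->hash_list);
    md->suspended = true;
}

/* Returns how many times postsuspend tried to unlink an already removed entry. */
int run_sequence(bool fixed, bool preresume_fails) {
    struct mapped_dev md = { .suspended = false };
    origins.next = origins.prev = &origins; bad_unlinks = 0;
    origin_resume(&md.hash_list);       /* device starts active */
    internal_suspend(&md);
    internal_resume(&md, fixed, preresume_fails);
    user_suspend(&md);
    return bad_unlinks;
}

int main(void) {
    printf("unfixed=%d fixed=%d fixed+preresume_fail=%d\n",
           run_sequence(false, false), run_sequence(true, false), run_sequence(true, true));
    return 0;
}
```
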
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.19 (including) | 4.19.311 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.273 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.214 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.153 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.83 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.23 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.8.2 (excluding) |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/03ad5ad53e51abf3a4c7538c1bc67a5982b41dc5
- https://git.kernel.org/stable/c/15a3fc5c8774c17589dabfe1d642d40685c985af
- https://git.kernel.org/stable/c/360a7d1be8112654f1fb328ed3862be630bca3f4
- https://git.kernel.org/stable/c/65e8fbde64520001abf1c8d0e573561b4746ef38
- https://git.kernel.org/stable/c/69836d9329f0b4c58faaf3d886a7748ddb5bf718
- https://git.kernel.org/stable/c/ad10289f68f45649816cc68eb93f45fd5ec48a15
- https://git.kernel.org/stable/c/da7ece2197101b1469853e6b5e915be1e3896d52
- https://git.kernel.org/stable/c/ef02d8edf738557af2865c5bfb66a03c4e071be7
- https://git.kernel.org/stable/c/f89bd27709376d37ff883067193320c58a8c1d5a
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html



