CVE-2024-43855

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 476

Summary

CVE-2024-43855 is a Linux kernel vulnerability affecting the md (Multiple Devices) driver. The issue is a deadlock between mddev_suspend() and in-flight flush bios. The root cause is a non-atomic increment/decrement of the active_io variable during the flush process.

The deadlock occurs when mddev is being suspended while some flush bio is in progress:

1. The first flush clears 'mddev->flush_bio' and tries to submit data, but is blocked because mddev is suspended.
2. The second flush sets 'mddev->flush_bio' and attempts to queue md_submit_flush_data(), which is already running and won't execute again if on the same CPU as the first flush.
3. The third flush increments active_io and tries to flush, but is blocked because 'mddev->flush_bio' is not NULL (it was set by the second flush).
4. Finally, mddev_suspend() is called and waits for active_io to decrease to 0, but active_io has been incremented by the third flush.

The fix involves ensuring that active_io is decremented before md_handle_request() in md_submit_flush_data(). This change prevents make_request() from being called directly, and active_io is incremented and decremented only once during the entire flush process, which eliminates the deadlock.

Additionally, the only difference between the fix and the previous patch is that make_request() no longer returns an error. Since data and flush operations are split into two separate I/O requests in dm, the size of the flush submitted by dm is always zero, and make_request() will not be called in md_submit_flush_data(). To prevent future modifications from introducing similar issues, a WARN_ON is added to ensure make_request() does not return an error in this context.
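For triage, the hang described above can be looked for in kernel hung-task reports. The following is an added example, not code from the kernel or from this advisory: it scans log text for blocked tasks whose call traces contain the functions named in the summary. The grouping of those functions into "suspend" and "flush" roles and the sample log are assumptions constructed for illustration.

```python
import re

# Symbols named in the CVE summary; grouping them into roles is this example's assumption.
SUSPEND_FUNCS = {"mddev_suspend"}
FLUSH_FUNCS = {"md_submit_flush_data", "md_handle_request"}
HUNG_RE = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
FRAME_RE = re.compile(r"\s\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_hung_tasks(log_text):
    """Split kernel log text into hung-task reports with their call-trace symbols."""
    reports, current = [], None
    for line in log_text.splitlines():
        header = HUNG_RE.search(line)
        if header:
            current = {"task": header.group(1), "pid": int(header.group(2)),
                       "seconds": int(header.group(3)), "frames": []}
            reports.append(current)
        elif current is not None and (frame := FRAME_RE.search(line)):
            current["frames"].append(frame.group(1))
    return reports

def md_flush_deadlock_suspects(log_text):
    """Return (suspend_waiters, flush_waiters); both non-empty fits the described hang."""
    suspend, flush = [], []
    for report in parse_hung_tasks(log_text):
        frames = set(report["frames"])
        if frames & SUSPEND_FUNCS:
            suspend.append(report)
        elif frames & FLUSH_FUNCS:
            flush.append(report)
    return suspend, flush

# Constructed sample log (not from a real system): two md-related hangs, one unrelated.
SAMPLE_LOG = """\
[ 4833.101] INFO: task mdadm:4321 blocked for more than 122 seconds.
[ 4833.102] Call Trace:
[ 4833.103]  schedule+0x5e/0xd0
[ 4833.104]  mddev_suspend+0x11a/0x200 [md_mod]
[ 4833.201] INFO: task kworker/3:1:257 blocked for more than 122 seconds.
[ 4833.202]  md_handle_request+0x9c/0x270 [md_mod]
[ 4833.203]  md_submit_flush_data+0x6f/0xb0 [md_mod]
[ 4833.301] INFO: task rsync:9001 blocked for more than 122 seconds.
[ 4833.302]  io_schedule+0x46/0x70
"""

if __name__ == "__main__":
    suspend, flush = md_flush_deadlock_suspects(SAMPLE_LOG)
    print("suspend waiters:", [(r["task"], r["pid"]) for r in suspend])
    print("flush waiters:", [(r["task"], r["pid"]) for r in flush])
```

A match is a triage hint rather than proof of this CVE: other md hangs can block in the same functions, so confirm against the running kernel's patch status.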
