vulnerability

Red Hat: CVE-2024-35808: kernel: md/dm-raid: don't call md_reap_sync_thread() directly (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	2024-05-17	2024-12-05	2025-03-10

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

2024-05-17

Added

2024-12-05

Modified

2025-03-10

Description

In the Linux kernel, the following vulnerability has been resolved:

md/dm-raid: don't call md_reap_sync_thread() directly

Currently md_reap_sync_thread() is called from raid_message() directly
without holding 'reconfig_mutex', this is definitely unsafe because
md_reap_sync_thread() can change many fields that is protected by
'reconfig_mutex'.

However, hold 'reconfig_mutex' here is still problematic because this
will cause deadlock, for example, commit 130443d60b1b ("md: refactor
idle/frozen_sync_thread() to fix deadlock").

Fix this problem by using stop_sync_thread() to unregister sync_thread,
like md/raid did.

Solution(s)

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today

Red Hat: CVE-2024-35808: kernel: md/dm-raid: don&#39;t call md_reap_sync_thread() directly (Multiple Advisories)

Description

Solution(s)

References

Explore Exposure Command

Red Hat: CVE-2024-35808: kernel: md/dm-raid: don't call md_reap_sync_thread() directly (Multiple Advisories)