vulnerability

Red Hat: CVE-2024-35808: kernel: md/dm-raid: don't call md_reap_sync_thread() directly (Multiple Advisories)

Name: Red Hat: CVE-2024-35808: kernel: md/dm-raid: don't call md_reap_sync_thread() directly (Multiple Advisories)
Creator: Red Hat
Published: 2024-05-17T00:00:00.000Z
Keywords: CVE, CWE-667, Red Hat, 2024, 35808, kernel, redhat-upgrade-kernel, redhat-upgrade-kernel-rt, Severity 5

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

May 17, 2024

Added

Dec 5, 2024

Modified

Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

md/dm-raid: don't call md_reap_sync_thread() directly

Currently md_reap_sync_thread() is called from raid_message() directly
without holding 'reconfig_mutex', this is definitely unsafe because
md_reap_sync_thread() can change many fields that is protected by
'reconfig_mutex'.

However, hold 'reconfig_mutex' here is still problematic because this
will cause deadlock, for example, commit 130443d60b1b ("md: refactor
idle/frozen_sync_thread() to fix deadlock").

Fix this problem by using stop_sync_thread() to unregister sync_thread,
like md/raid did.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report

Red Hat: CVE-2024-35808: kernel: md/dm-raid: don&#39;t call md_reap_sync_thread() directly (Multiple Advisories)

Description

Solutions

References

2026 Global Threat Landscape Report

Red Hat: CVE-2024-35808: kernel: md/dm-raid: don't call md_reap_sync_thread() directly (Multiple Advisories)