CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING
Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with
small possibility, the root cause is exactly the same as commit
bed9e27baf52 (“Revert “md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d””)
However, Dan reported another hang after that, and junxiao investigated
the problem and found out that this is caused by plugged bio can’t issue
from raid5d().
Current implementation in raid5d() has a weird dependence:
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
git.kernel.org/linus/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa (6.10-rc1)
git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a
git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa
git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b
git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4
git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787
git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347
git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447
git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7
launchpad.net/bugs/cve/CVE-2024-39476
nvd.nist.gov/vuln/detail/CVE-2024-39476
security-tracker.debian.org/tracker/CVE-2024-39476
www.cve.org/CVERecord?id=CVE-2024-39476