Description

In the Linux kernel, the following vulnerability has been resolved: md: Fix missing release of 'active_io' for flush submit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); /* flush io is done first */ md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io is not released if (atomic_dec_and_test(&mddev->flush_pending)) -> missing release of active_io For consequence, mddev_suspend() will wait for 'active_io' to be zero forever. Fix this problem by releasing 'active_io' in submit_flushes() if 'flush_pending' is decreased to zero.

INFO

Published Date :

2024-05-01T12:49:21.063Z

Last Modified :

2025-05-04T09:02:30.069Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27023 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27023.

URL Resource
https://git.kernel.org/stable/c/02dad157ba11064d073f5499dc33552b227d5d3a cve-icon cve-icon
https://git.kernel.org/stable/c/11f81438927f84edfaaeb5d5f10856c3a1c1fc82 cve-icon cve-icon
https://git.kernel.org/stable/c/6b2ff10390b19a2364af622b6666b690443f9f3f cve-icon cve-icon
https://git.kernel.org/stable/c/855678ed8534518e2b428bcbcec695de9ba248e8 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024050105-CVE-2024-27023-4810@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27023 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27023 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact