Description

In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted. Fix the list corruption issue by: - add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only - move calling blkg_init_queue() into blk_alloc_queue() The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn().

INFO

Published Date :

2024-05-20T09:42:01.114Z

Last Modified :

2025-12-23T16:40:06.235Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-35974 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-35974.

URL Resource
https://git.kernel.org/stable/c/083b58373463a6e5ee60ecb135269348f68ad7df cve-icon cve-icon
https://git.kernel.org/stable/c/740ffad95ca8033bd6e080ed337655b13b4d38ac cve-icon cve-icon
https://git.kernel.org/stable/c/858c489d81d659af17a4d11cfaad2afb42e47a76 cve-icon cve-icon
https://git.kernel.org/stable/c/8b8ace080319a866f5dfe9da8e665ae51d971c54 cve-icon cve-icon
https://git.kernel.org/stable/c/b5dae1cd0d8368b4338430ff93403df67f0b8bcc cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052024-CVE-2024-35974-7008@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-35974 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-35974 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact