2024-07-21 02:03:14 +00:00

{
"id": "CVE-2024-40925",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-12T13:15:15.343",
"lastModified": "2024-07-12T16:34:58.687",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix request.queuelist usage in flush\n\nFriedrich Weber reported a kernel crash problem and bisected to commit\n81ada09cc25e (\"blk-flush: reuse rq queuelist in flush state machine\").\n\nThe root cause is that we use \"list_move_tail(&rq->queuelist, pending)\"\nin the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since\nit's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch().\nWe don't initialize its queuelist just for this first request, although\nthe queuelist of all later popped requests will be initialized.\n\nFix it by changing to use \"list_add_tail(&rq->queuelist, pending)\" so\nrq->queuelist doesn't need to be initialized. It should be ok since rq\ncan't be on any list when PREFLUSH or POSTFLUSH, has no move actually.\n\nPlease note the commit 81ada09cc25e (\"blk-flush: reuse rq queuelist in\nflush state machine\") also has another requirement that no drivers would\ntouch rq->queuelist after blk_mq_end_request() since we will reuse it to\nadd rq to the post-flush pending list in POSTFLUSH. If this is not true,\nwe will have to revert that commit IMHO.\n\nThis updated version adds \"list_del_init(&rq->queuelist)\" in flush rq\ncallback since the dm layer may submit request of a weird invalid format\n(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add\nif without this \"list_del_init(&rq->queuelist)\". The weird invalid format\nproblem should be fixed in dm layer."
},
{
"lang": "es",
"value": "In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush. Friedrich Weber reported a kernel crash problem and bisected it to commit 81ada09cc25e (\"blk-flush: reuse rq queuelist in flush state machine\"). The root cause is that we use \"list_move_tail(&rq->queuelist, pending)\" in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since it was popped out of plug->cached_rq in __blk_mq_alloc_requests_batch(). We do not initialize its queuelist only for this first request, although the queuelist of all later popped requests will be initialized. Fix it by changing to use \"list_add_tail(&rq->queuelist, pending)\" so that rq->queuelist does not need to be initialized. It should be fine since rq cannot be on any list at PREFLUSH or POSTFLUSH; there is no actual move. Note that commit 81ada09cc25e (\"blk-flush: reuse rq queuelist in flush state machine\") also has another requirement that no driver touch rq->queuelist after blk_mq_end_request(), since we will reuse it to add rq to the post-flush pending list in POSTFLUSH. If this is not true, we will have to revert that commit, in my humble opinion. This updated version adds \"list_del_init(&rq->queuelist)\" in the flush rq callback, since the dm layer may submit a request with a weird invalid format (REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes a double list_add without this \"list_del_init(&rq->queuelist)\". The weird invalid format problem should be fixed in the dm layer."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
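The two list-handling mistakes the record above describes, modelled in a self-contained userland C program: list_move_tail() on a request.queuelist that was never initialised (the first request popped from plug->cached_rq), and a second list_add_tail() for a request carrying both REQ_FSEQ_PREFLUSH and REQ_FSEQ_POSTFLUSH without a list_del_init() in between. This is an added example, not kernel code and not the referenced fix: struct request is reduced to the one field that matters, the list helpers are re-implemented after include/linux/list.h without its debug checks, and the stale pointer values are constructed so the corruption is deterministic (in the kernel they would be whatever the memory happened to hold). list_check() is a small stand-in for the invariant checks CONFIG_DEBUG_LIST would perform.

```c
/*
 * Added example (not kernel code and not the patch): a userland model of the
 * Linux intrusive list from include/linux/list.h, used to show why
 * list_move_tail() on an uninitialised request.queuelist corrupts memory while
 * list_add_tail() does not, and why a repeated list_add_tail() needs a
 * list_del_init() in between. The stale pointer values below are constructed.
 */
#include <stdbool.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

/* Same pointer surgery as the kernel helpers, minus the debug checks. */
static void __list_add(struct list_head *e, struct list_head *prev, struct list_head *next)
{
    next->prev = e; e->next = next; e->prev = prev; prev->next = e;
}
static void list_add_tail(struct list_head *e, struct list_head *head) { __list_add(e, head->prev, head); }
static void __list_del(struct list_head *prev, struct list_head *next) { next->prev = prev; prev->next = next; }
static void list_del_init(struct list_head *e) { __list_del(e->prev, e->next); INIT_LIST_HEAD(e); }
/* list_move_tail() unlinks e from wherever e->prev/e->next claim it is, then appends it. */
static void list_move_tail(struct list_head *e, struct list_head *head) { __list_del(e->prev, e->next); list_add_tail(e, head); }

/* Minimal stand-in for struct request: only the field this bug is about. */
struct request { int tag; struct list_head queuelist; };

/* Walk a list and return its length, or -1 if the next/prev invariant breaks
 * or the walk cycles (the kind of check CONFIG_DEBUG_LIST performs). */
static int list_check(const struct list_head *head)
{
    int n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next) {
        if (p->next->prev != p || p->prev->next != p || ++n > 64)
            return -1;
    }
    return n;
}

/*
 * Scenario 1: the first request popped from plug->cached_rq still has whatever
 * its queuelist held before (here: constructed stale pointers into an unrelated
 * list "other", in swapped order). Returns list_check(&other) after the
 * PREFLUSH step: 2 means "other" survived, -1 means it was corrupted.
 */
static int preflush_stale_queuelist(bool use_list_move_tail)
{
    struct list_head other, pending;
    struct request a = { .tag = 1 }, b = { .tag = 2 }, first = { .tag = 3 };

    INIT_LIST_HEAD(&other);
    INIT_LIST_HEAD(&pending);
    INIT_LIST_HEAD(&a.queuelist);
    INIT_LIST_HEAD(&b.queuelist);
    list_add_tail(&a.queuelist, &other);
    list_add_tail(&b.queuelist, &other);

    /* Never INIT_LIST_HEAD()'d: stale values left from earlier use (constructed). */
    first.queuelist.next = &a.queuelist;
    first.queuelist.prev = &b.queuelist;

    if (use_list_move_tail)
        list_move_tail(&first.queuelist, &pending); /* before the fix: __list_del() rewrites a and b */
    else
        list_add_tail(&first.queuelist, &pending);  /* after the fix: stale pointers are only overwritten */

    return list_check(&other);
}

/*
 * Scenario 2: a request carrying both REQ_FSEQ_PREFLUSH and REQ_FSEQ_POSTFLUSH
 * is added to the pending list once per sequence step. Returns
 * list_check(&pending) after the second add: 2 means both requests are still
 * queued, 1 means the other request was silently dropped from the list.
 */
static int double_add_to_pending(bool del_init_in_flush_callback)
{
    struct list_head pending;
    struct request rq = { .tag = 10 }, other_rq = { .tag = 11 };

    INIT_LIST_HEAD(&pending);
    INIT_LIST_HEAD(&rq.queuelist);
    INIT_LIST_HEAD(&other_rq.queuelist);

    list_add_tail(&rq.queuelist, &pending);       /* PREFLUSH step */
    list_add_tail(&other_rq.queuelist, &pending); /* another request lands behind it */
    if (del_init_in_flush_callback)
        list_del_init(&rq.queuelist);             /* what the fix's flush callback does */
    list_add_tail(&rq.queuelist, &pending);       /* POSTFLUSH step adds rq a second time */

    return list_check(&pending);
}

int main(void)
{
    printf("stale queuelist, list_move_tail: other list check = %d\n", preflush_stale_queuelist(true));
    printf("stale queuelist, list_add_tail:  other list check = %d\n", preflush_stale_queuelist(false));
    printf("double add without list_del_init: pending check = %d\n", double_add_to_pending(false));
    printf("double add with list_del_init:    pending check = %d\n", double_add_to_pending(true));
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c`. The pre-fix path in scenario 1 turns the unrelated list into a cycle, which is the silent-corruption-then-crash pattern the bisect found; the pre-fix path in scenario 2 leaves the pending list one entry short while the dropped request's own next/prev still point into it, so it believes it is queued and will never be completed or will be touched by a later list operation. Neither mistake is caught at the call site, which is why the commit message insists that nothing touch rq->queuelist after blk_mq_end_request().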