CVE-2024-43914

{"id": "CVE-2024-43914", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-26T11:15:05.380", "references": [{"url": "https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: md/raid5: evite BUG_ON() mientras contin\u00faa la remodelaci\u00f3n despu\u00e9s del reensamblaje. Actualmente, mdadm admite --revert-reshape para cancelar la remodelaci\u00f3n mientras se reensambla, como muestra la prueba 07revert-grow. Sin embargo, la prueba puede activar el siguiente BUG_ON(): kernel ERROR en drivers/md/raid5.c:6278! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI sello de evento irq: 158985 CPU: 6 PID: 891 Comm: md0_reshape No contaminado 6.9.0-03335-g7592a0b0049a #94 RIP: 0010:reshape_request+0x3f1/0xe60 Seguimiento de llamadas: raid5_sync_request+0x43d/0x550 md_do_sync+0xb7a/0x2110 md_thread+0x294/0x2b0 kthread+0x147/0x1c0 ret_from_fork+0x59/0x70 ret_from_fork_asm+0x1a/0x30 La causa principal es que --revert-resha pe actualizar los raid_disks de 5 a 4, mientras la posici\u00f3n de remodelaci\u00f3n a\u00fan est\u00e1 establecida, y despu\u00e9s de volver a ensamblar la matriz, la posici\u00f3n de remodelaci\u00f3n se leer\u00e1 desde el superbloque, luego, durante la remodelaci\u00f3n, fallar\u00e1 la verificaci\u00f3n de 'writepos' calculada por la posici\u00f3n de remodelaci\u00f3n anterior. Primero solucione este p\u00e1nico de la manera m\u00e1s f\u00e1cil, convirtiendo BUG_ON() en WARN_ON() y detenga la remodelaci\u00f3n si las comprobaciones fallan. Se se\u00f1al\u00f3 que mdadm tambi\u00e9n debe corregir --revert-shape, y probablemente md/raid tambi\u00e9n deber\u00eda mejorar la validaci\u00f3n de metadatos; sin embargo, esto significa que el reensamblaje fallar\u00e1 y debe haber herramientas de usuario para corregir los metadatos incorrectos."}], "lastModified": "2024-09-05T18:03:49.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B4EF915-550B-45E5-B2CA-648FEACD60FC", "versionEndExcluding": "4.19.320"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28", "versionEndExcluding": "5.4.282", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE", "versionEndExcluding": "5.10.224", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89BEB24B-0F37-4C92-A397-564DA7CD8EE9", "versionEndExcluding": "6.1.105", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA11941E-81FB-484C-B583-881EEB488340", "versionEndExcluding": "6.6.46", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D074AE50-4A5E-499C-A2FD-75FD60DEA560", "versionEndExcluding": "6.10.5", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}