cve-2024-42294
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2024-12-19 09:15
Severity ?
Summary
block: fix deadlock between sd_remove & sd_release
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544Patch
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:10:53.890596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:29.244Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/genhd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a5625a83eac91fdff1d5f0202ecfc45a31983c9",
              "status": "affected",
              "version": "eec1be4c30df73238b936fa9f3653773a6f8b15c",
              "versionType": "git"
            },
            {
              "lessThan": "f5418f48a93b69ed9e6a2281eee06b412f14a544",
              "status": "affected",
              "version": "eec1be4c30df73238b936fa9f3653773a6f8b15c",
              "versionType": "git"
            },
            {
              "lessThan": "7e04da2dc7013af50ed3a2beb698d5168d1e594b",
              "status": "affected",
              "version": "eec1be4c30df73238b936fa9f3653773a6f8b15c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/genhd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove \u0026 sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q-\u003emq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(\u0026disk-\u003eopen_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q-\u003emq_freeze_depth)\n  mutex_lock(\u0026disk-\u003eopen_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\u0027t try to acquire disk-\u003eopen_mutex after freezing\nthe queue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:15:49.039Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b"
        }
      ],
      "title": "block: fix deadlock between sd_remove \u0026 sd_release",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42294",
    "datePublished": "2024-08-17T09:09:02.984Z",
    "dateReserved": "2024-07-30T07:40:12.269Z",
    "dateUpdated": "2024-12-19T09:15:49.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42294\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-17T09:15:09.947\",\"lastModified\":\"2024-08-19T19:43:22.460\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblock: fix deadlock between sd_remove \u0026 sd_release\\n\\nOur test report the following hung task:\\n\\n[ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds.\\n[ 2538.459427] Call trace:\\n[ 2538.459430]  __switch_to+0x174/0x338\\n[ 2538.459436]  __schedule+0x628/0x9c4\\n[ 2538.459442]  schedule+0x7c/0xe8\\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\\n[ 2538.459459]  mutex_lock+0x30/0xd8\\n[ 2538.459462]  del_gendisk+0xdc/0x350\\n[ 2538.459466]  sd_remove+0x30/0x60\\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459474]  device_release_driver+0x18/0x28\\n[ 2538.459478]  bus_remove_device+0x15c/0x174\\n[ 2538.459483]  device_del+0x1d0/0x358\\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\\n[ 2538.459493]  scsi_forget_host+0x50/0x70\\n[ 2538.459497]  scsi_remove_host+0x80/0x180\\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459514]  device_release_driver+0x18/0x28\\n[ 2538.459518]  bus_remove_device+0x15c/0x174\\n[ 2538.459523]  device_del+0x1d0/0x358\\n[ 2538.459528]  usb_disable_device+0x84/0x194\\n[ 2538.459532]  usb_disconnect+0xec/0x300\\n[ 2538.459537]  hub_event+0xb80/0x1870\\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\\n[ 2538.459545]  worker_thread+0x244/0x334\\n[ 2538.459549]  kthread+0x114/0x1bc\\n\\n[ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds.\\n[ 2538.461014] Call trace:\\n[ 2538.461016]  __switch_to+0x174/0x338\\n[ 2538.461021]  __schedule+0x628/0x9c4\\n[ 2538.461025]  schedule+0x7c/0xe8\\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\\n[ 2538.461051]  sd_release+0x50/0x94\\n[ 2538.461054]  blkdev_put+0x190/0x28c\\n[ 2538.461058]  blkdev_release+0x28/0x40\\n[ 2538.461063]  __fput+0xf8/0x2a8\\n[ 2538.461066]  __fput_sync+0x28/0x5c\\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\\n[ 2538.461073]  invoke_syscall+0x58/0x114\\n[ 2538.461078]  el0_svc_common+0xac/0xe0\\n[ 2538.461082]  do_el0_svc+0x1c/0x28\\n[ 2538.461087]  el0_svc+0x38/0x68\\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\\n\\n  T1:\\t\\t\\t\\tT2:\\n  sd_remove\\n  del_gendisk\\n  __blk_mark_disk_dead\\n  blk_freeze_queue_start\\n  ++q-\u003emq_freeze_depth\\n  \\t\\t\\t\\tbdev_release\\n \\t\\t\\t\\tmutex_lock(\u0026disk-\u003eopen_mutex)\\n  \\t\\t\\t\\tsd_release\\n \\t\\t\\t\\tscsi_execute_cmd\\n \\t\\t\\t\\tblk_queue_enter\\n \\t\\t\\t\\twait_event(!q-\u003emq_freeze_depth)\\n  mutex_lock(\u0026disk-\u003eopen_mutex)\\n\\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\\nmake sure we don\u0027t try to acquire disk-\u003eopen_mutex after freezing\\nthe queue.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloquear: soluciona el punto muerto entre sd_remove y sd_release Nuestra prueba informa la siguiente tarea colgada: [ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q-\u0026gt;mq_freeze_depth bdev_release mutex_lock(\u0026amp;disk-\u0026gt;open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q-\u0026gt;mq_freeze_depth) mutex_lock(\u0026amp;disk-\u0026gt;open_mutex) SCSI no configura GD_OWNS_QUEUE, por lo que QUEUE_FLAG_DYING no est\u00e1 configurado en este escenario. Este es un cl\u00e1sico punto muerto de ABBA. Para solucionar el punto muerto, aseg\u00farese de no intentar adquirir disco-\u0026gt;open_mutex despu\u00e9s de congelar la cola.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5\",\"versionEndExcluding\":\"6.6.44\",\"matchCriteriaId\":\"9C43C45E-798F-4F27-A7BF-764CEB4C1BC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.3\",\"matchCriteriaId\":\"92D388F2-1EAF-4CFA-AC06-5B26D762EA7D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.