[SRU][F/J/M][PATCH 0/1] CVE-2024-23307
Magali Lemes
magali.lemes at canonical.com
Fri May 3 17:22:31 UTC 2024
[Impact]
An integer overflow flaw was found in the raid5 subsystem in the Linux kernel.
Concurrent executions of raid5_cache_count() and raid5_set_cache_size() may
lead to inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes,
such that conf->min_nr_stripes may exceed conf->max_nr_stripes and potentially
cause an integer overflow.
[Backport]
Clean cherry-pick from linux-6.6.y.
[Test]
Compile and boot tested.
[Where problems could occur]
Any problems would be limited to systems that use RAID 4/5/6 configurations.
As the fix touches code related to stripe cache, although unlikely, this could
impact performance.
Gui-Dong Han (1):
md/raid5: fix atomicity violation in raid5_cache_count
drivers/md/raid5.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list