ACK: [SRU][F/J/M][PATCH 0/1] CVE-2024-23307
Tim Gardner
tim.gardner at canonical.com
Mon May 6 14:53:21 UTC 2024
On 5/3/24 11:22 AM, Magali Lemes wrote:
> [Impact]
> An integer overflow flaw was found in the raid5 subsystem in the Linux kernel.
> Concurrent executions of raid5_cache_count() and raid5_set_cache_size() may
> lead to inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes,
> such that conf->min_nr_stripes may exceed conf->max_nr_stripes and potentially
> cause an integer overflow.
>
> [Backport]
> Clean cherry-pick from linux-6.6.y.
>
> [Test]
> Compile and boot tested.
>
> [Where problems could occur]
> Any problems would be limited to systems that use RAID 4/5/6 configurations.
> As the fix touches code related to stripe cache, although unlikely, this could
> impact performance.
>
> Gui-Dong Han (1):
> md/raid5: fix atomicity violation in raid5_cache_count
>
> drivers/md/raid5.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list