ACK: [SRU][F/J/M][PATCH 0/1] CVE-2024-23307
Cengiz Can
cengiz.can at canonical.com
Mon May 6 22:04:45 UTC 2024
On 24-05-03 14:22:31, Magali Lemes wrote:
> [Impact]
> An integer overflow flaw was found in the raid5 subsystem in the Linux kernel.
> Concurrent executions of raid5_cache_count() and raid5_set_cache_size() may
> lead to inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes,
> such that conf->min_nr_stripes may exceed conf->max_nr_stripes and potentially
> cause an integer overflow.
>
> [Backport]
> Clean cherry-pick from linux-6.6.y.
>
> [Test]
> Compile and boot tested.
>
> [Where problems could occur]
> Any problems would be limited to systems that use RAID 4/5/6 configurations.
> As the fix touches code related to stripe cache, although unlikely, this could
> impact performance.
>
> Gui-Dong Han (1):
> md/raid5: fix atomicity violation in raid5_cache_count
Acked-by: Cengiz Can <cengiz.can at canonical.com>
>
> drivers/md/raid5.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list