APPLIED: [SRU][F/J/M][PATCH 0/1] CVE-2024-23307
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon May 27 07:47:00 UTC 2024
On 03/05/2024 19:22, Magali Lemes wrote:
> [Impact]
> An integer overflow flaw was found in the raid5 subsystem in the Linux kernel.
> Concurrent executions of raid5_cache_count() and raid5_set_cache_size() may
> lead to inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes,
> such that conf->min_nr_stripes may exceed conf->max_nr_stripes and potentially
> cause an integer overflow.
>
> [Backport]
> Clean cherry-pick from linux-6.6.y.
>
> [Test]
> Compile and boot tested.
>
> [Where problems could occur]
> Any problems would be limited to systems that use RAID 4/5/6 configurations.
> As the fix touches code related to stripe cache, although unlikely, this could
> impact performance.
>
> Gui-Dong Han (1):
> md/raid5: fix atomicity violation in raid5_cache_count
>
> drivers/md/raid5.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
Applied to mantic:linux, jammy:linux, focal:linux master-next branches.
Thanks!
More information about the kernel-team
mailing list