CVE-2024-26671 Affecting kernel-headers package, versions <0:4.18.0-553.el8_10


Severity

Recommended
medium

Based on Rocky Linux security rating.

Threat Intelligence

EPSS
0.04% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ROCKY8-KERNELHEADERS-7265015
  • published15 Jun 2024
  • disclosed2 Apr 2024

Introduced: 2 Apr 2024

CVE-2024-26671  (opens in a new tab)

How to fix?

Upgrade Rocky-Linux:8 kernel-headers to version 0:4.18.0-553.el8_10 or higher.
This issue was patched in RLSA-2024:3138.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-headers package and not the kernel-headers package as distributed by Rocky-Linux. See How to fix? for Rocky-Linux:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix IO hang from sbitmap wakeup race

In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure.

Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime blk_mq_mark_tag_wait() can't get driver tag successfully.

This issue can be reproduced by running the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in laptop.

modprobe -r scsi_debug
modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4
dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`
fio --filename=/dev/&#34;$dev&#34; --direct=1 --rw=randrw --bs=4k --iodepth=1 \
           --runtime=100 --numjobs=40 --time_based --name=test \
        --ioengine=libaio

Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which is just fine in case of running out of tag.

CVSS Scores

version 3.1