CVE-2024-40925

12.07.2024, 13:15

In the Linux kernel, the following vulnerability has been resolved:

block: fix request.queuelist usage in flush

Friedrich Weber reported a kernel crash problem and bisected to commit
81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine").

The root cause is that we use "list_move_tail(&rq->queuelist, pending)"
in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since
it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch().
We don't initialize its queuelist just for this first request, although
the queuelist of all later popped requests will be initialized.

Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so
rq->queuelist doesn't need to be initialized. It should be ok since rq
can't be on any list when PREFLUSH or POSTFLUSH, has no move actually.

Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in
flush state machine") also has another requirement that no drivers would
touch rq->queuelist after blk_mq_end_request() since we will reuse it to
add rq to the post-flush pending list in POSTFLUSH. If this is not true,
we will have to revert that commit IMHO.

This updated version adds "list_del_init(&rq->queuelist)" in flush rq
callback since the dm layer may submit request of a weird invalid format
(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add
if without this "list_del_init(&rq->queuelist)". The weird invalid format
problem should be fixed in dm layer.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Linux	CNA	---	---
CVE	ADP	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.137-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie	6.12.27-1 fixed
sid	6.12.30-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

oracular	not-affected
noble	Fixed 6.8.0-44.44 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-allwinner-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws

oracular	not-affected
noble	Fixed 6.8.0-1015.16 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws-5.0

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1015.16~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-hwe

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	not-affected
trusty	dne

linux-azure

oracular	not-affected
noble	Fixed 6.8.0-1014.16 released
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	not-affected

linux-azure-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1014.16~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-edge

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-fde

oracular	dne
noble	dne
jammy	not-affected
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-bluefield

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-gcp

oracular	not-affected
noble	Fixed 6.8.0-1014.16 released
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	dne

linux-gcp-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gcp-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1014.16~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-gke

oracular	dne
noble	Fixed 6.8.0-1010.13 released
jammy	not-affected
focal	ignored
bionic	dne
xenial	ignored
trusty	dne

linux-gke-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gke-5.15

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gke-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gkeop

oracular	dne
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-hwe

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	not-affected
trusty	dne

linux-hwe-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-hwe-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-45.45~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-ibm

oracular	dne
noble	Fixed 6.8.0-1012.12 released
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-intel

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-intel-iot-realtime

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-iot

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-kvm

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-laptop

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency

oracular	not-affected
noble	Fixed 6.8.0-44.44.1 released
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-44.44.1~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	not-affected

linux-nvidia

oracular	dne
noble	Fixed 6.8.0-1013.14 released
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1013.14~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

oracular	dne
noble	Fixed 6.8.0-1013.14.1 released
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-oem-5.10

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.14

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.17

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.6

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.0

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.1

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.11

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.8

oracular	dne
noble	Fixed 6.8.0-1012.12 released
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle

oracular	not-affected
noble	Fixed 6.8.0-1012.12 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-oracle-5.0

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1012.12~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi

oracular	not-affected
noble	Fixed 6.8.0-1011.12 released
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-raspi-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-raspi-realtime

oracular	dne
noble	Fixed 6.8.0-2010.10 released
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi2

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	ignored
xenial	ignored
trusty	dne

linux-realtime

oracular	not-affected
noble	Fixed 6.8.1-1008.8 released
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv

oracular	not-affected
noble	Fixed 6.8.0-44.44.1 released
jammy	ignored
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-44.44.1~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-xilinx-zynqmp

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

References

https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa

https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70

https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71

https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa

https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70

https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71