SB20240620268 - Resource management error in Linux kernel md driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-26880)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/69836d9329f0b4c58faaf3d886a7748ddb5bf718
• https://git.kernel.org/stable/c/da7ece2197101b1469853e6b5e915be1e3896d52
• https://git.kernel.org/stable/c/f89bd27709376d37ff883067193320c58a8c1d5a
• https://git.kernel.org/stable/c/03ad5ad53e51abf3a4c7538c1bc67a5982b41dc5
• https://git.kernel.org/stable/c/ad10289f68f45649816cc68eb93f45fd5ec48a15
• https://git.kernel.org/stable/c/15a3fc5c8774c17589dabfe1d642d40685c985af
• https://git.kernel.org/stable/c/ef02d8edf738557af2865c5bfb66a03c4e071be7
• https://git.kernel.org/stable/c/360a7d1be8112654f1fb328ed3862be630bca3f4
• https://git.kernel.org/stable/c/65e8fbde64520001abf1c8d0e573561b4746ef38
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2