SB20250117100 - Improper locking in Linux kernel block

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-55642)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the BLK_ZONE_WPLUG_PLUGGED(), blkdev_report_zones(), disk_put_zone_wplug(), disk_should_remove_zone_wplug(), INIT_HLIST_NODE(), disk_zone_wplug_abort(), disk_zone_wplug_sync_wp_offset(), blk_zone_wplug_handle_reset_or_finish(), blk_zone_wplug_handle_reset_all(), blk_zone_wplug_prepare_bio(), blk_zone_wplug_handle_write(), disk_zone_wplug_unplug_bio(), blk_zone_write_plug_bio_endio(), blk_zone_wplug_bio_work(), disk_zone_wplugs_hash_size(), disk_free_zone_resources(), blk_revalidate_seq_zone() and blk_revalidate_disk_zones() functions in block/blk-zoned.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/7fa80134cf266325fa61139320091001c9b3c477
• https://git.kernel.org/stable/c/fe0418eb9bd69a19a948b297c8de815e05f3cde1
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13