Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v4ek-txkx-27fp
Vulnerability ID VCID-v4ek-txkx-27fp
Aliases CVE-2024-26962
Summary In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in following cases reshape will never make progress hence IO will hang: 1) the array is read-only; 2) MD_RECOVERY_WAIT is set; 3) MD_RECOVERY_FROZEN is set; After commit c467e97f079f ("md/raid6: use valid sector values to determine if an I/O should wait on the reshape") fix the problem that IO across reshape position doesn't wait for reshape, the dm-raid test shell/lvconvert-raid-reshape.sh start to hang: [root@fedora ~]# cat /proc/979/stack [<0>] wait_woken+0x7d/0x90 [<0>] raid5_make_request+0x929/0x1d70 [raid456] [<0>] md_handle_request+0xc2/0x3b0 [md_mod] [<0>] raid_map+0x2c/0x50 [dm_raid] [<0>] __map_bio+0x251/0x380 [dm_mod] [<0>] dm_submit_bio+0x1f0/0x760 [dm_mod] [<0>] __submit_bio+0xc2/0x1c0 [<0>] submit_bio_noacct_nocheck+0x17f/0x450 [<0>] submit_bio_noacct+0x2bc/0x780 [<0>] submit_bio+0x70/0xc0 [<0>] mpage_readahead+0x169/0x1f0 [<0>] blkdev_readahead+0x18/0x30 [<0>] read_pages+0x7c/0x3b0 [<0>] page_cache_ra_unbounded+0x1ab/0x280 [<0>] force_page_cache_ra+0x9e/0x130 [<0>] page_cache_sync_ra+0x3b/0x110 [<0>] filemap_get_pages+0x143/0xa30 [<0>] filemap_read+0xdc/0x4b0 [<0>] blkdev_read_iter+0x75/0x200 [<0>] vfs_read+0x272/0x460 [<0>] ksys_read+0x7a/0x170 [<0>] __x64_sys_read+0x1c/0x30 [<0>] do_syscall_64+0xc6/0x230 [<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 This is because reshape can't make progress. For md/raid, the problem doesn't exist because register new sync_thread doesn't rely on the IO to be done any more: 1) If array is read-only, it can switch to read-write by ioctl/sysfs; 2) md/raid never set MD_RECOVERY_WAIT; 3) If MD_RECOVERY_FROZEN is set, mddev_suspend() doesn't hold 'reconfig_mutex', hence it can be cleared and reshape can continue by sysfs api 'sync_action'. However, I'm not sure yet how to avoid the problem in dm-raid yet. This patch on the one hand make sure raid_message() can't change sync_thread() through raid_message() after presuspend(), on the other hand detect the above 3 cases before wait for IO do be done in dm_suspend(), and let dm-raid requeue those IO.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26962.json
epss 8e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-26962
epss 8e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-26962
epss 8e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-26962
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/41425f96d7aa59bc865f60f5dda3d7697b555677
ssvc Track https://git.kernel.org/stable/c/5943a34bf6bab5801e08a55f63e1b8d5bc90dae1
ssvc Track https://git.kernel.org/stable/c/a8d249d770cb357d16a2097b548d2e4c1c137304
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26962.json
https://api.first.org/data/v1/epss?cve=CVE-2024-26962
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2278174 https://bugzilla.redhat.com/show_bug.cgi?id=2278174
41425f96d7aa59bc865f60f5dda3d7697b555677 https://git.kernel.org/stable/c/41425f96d7aa59bc865f60f5dda3d7697b555677
5943a34bf6bab5801e08a55f63e1b8d5bc90dae1 https://git.kernel.org/stable/c/5943a34bf6bab5801e08a55f63e1b8d5bc90dae1
a8d249d770cb357d16a2097b548d2e4c1c137304 https://git.kernel.org/stable/c/a8d249d770cb357d16a2097b548d2e4c1c137304
RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315
USN-6816-1 https://usn.ubuntu.com/6816-1/
USN-6817-1 https://usn.ubuntu.com/6817-1/
USN-6817-2 https://usn.ubuntu.com/6817-2/
USN-6817-3 https://usn.ubuntu.com/6817-3/
USN-6878-1 https://usn.ubuntu.com/6878-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26962.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:45:26Z/ Found at https://git.kernel.org/stable/c/41425f96d7aa59bc865f60f5dda3d7697b555677
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:45:26Z/ Found at https://git.kernel.org/stable/c/5943a34bf6bab5801e08a55f63e1b8d5bc90dae1
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:45:26Z/ Found at https://git.kernel.org/stable/c/a8d249d770cb357d16a2097b548d2e4c1c137304
Exploit Prediction Scoring System (EPSS)
Percentile 0.00734
EPSS Score 8e-05
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:50:10.176238+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0