Vulnerabilities > CVE-2024-45023 - Out-of-bounds Write vulnerability in Linux Kernel

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

linux

CWE-787

NVD

Published: 2024-09-11

Updated: 2024-09-13

Summary

In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrecovered data can be read: raid1_read_request read_balance raid1_should_read_first -> return false choose_best_rdev -> normal disk is not recovered, return -1 choose_bb_rdev -> missing the checking of recovery, return the normal disk -> read unrecovered data Root cause is that the checking of recovery is missing in choose_bb_rdev(). Hence add such checking to fix the problem. Also fix similar problem in choose_slow_rdev().

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.11 Linux Linux Kernel 6.9 Linux Linux Kernel 6.9.1 Linux Linux Kernel 6.9.2 Linux Linux Kernel 6.9.3 Linux Linux Kernel 6.9.5 Linux Linux Kernel 6.9.6 Linux Linux Kernel 6.9.8 Linux Linux Kernel 6.9.9 Linux Linux Kernel 6.9.10 Linux Linux Kernel 6.9.11 Linux Linux Kernel 6.9.12 Linux Linux Kernel 6.10 Linux Linux Kernel 6.10.0 Linux Linux Kernel 6.10.1 Linux Linux Kernel 6.10.2 Linux Linux Kernel 6.10.3	35

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References