- Description
- In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() -> list_first() sequence in RCU safe code. This is because each of these functions performs its own READ_ONCE() of the list head. This can lead to a situation where the list_empty() sees a valid list entry, but the subsequent list_first() sees a different view of list head state after a modification. In the case of dm-thin, this author had a production box crash from a GP fault in the process_deferred_bios path. This function saw a valid list head in get_first_thin() but when it subsequently dereferenced that and turned it into a thin_c, it got the inside of the struct pool, since the list was now empty and referring to itself. The kernel on which this occurred printed both a warning about a refcount_t being saturated, and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock, prior to the fault itself. When the resulting kdump was examined, it was possible to see another thread patiently waiting in thin_dtr's synchronize_rcu. The thin_dtr call managed to pull the thin_c out of the active thins list (and have it be the last entry in the active_thins list) at just the wrong moment which lead to this crash. Fortunately, the fix here is straight forward. Switch get_first_thin() function to use list_first_or_null_rcu() which performs just a single READ_ONCE() and returns NULL if the list is already empty. This was run against the devicemapper test suite's thin-provisioning suites for delete and suspend and no regressions were observed.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- linux_kernel
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
SIOSセキュリティブログを更新しました。 Linux Kernelの脆弱性(CVE-2024-57904〜CVE-2024-57929,CVE-2025-21631〜CVE-2025-21664) https://t.co/n0gFRC5oFB
@omokazuki
26 Jan 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21664 In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h exp… https://t.co/dytxCFrEUh
@CVEnew
21 Jan 2025
98 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06E3D8A0-2ABD-417B-B56D-AA20015A3FEF",
"versionEndExcluding": "5.4.290",
"versionStartIncluding": "3.15.1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F732162B-ED7E-4367-A5C2-B24FD9B0D33B",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71A3AFDC-A3CA-454F-8917-E998BBDE36F8",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AFD566B-ECC6-46F1-92F7-12A615D5685F",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33E12097-C88A-45B4-9677-2A961A08DD3E",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02D604F6-10D1-4F7B-A022-0888406A1121",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F138B0D1-8A71-47E3-B203-17061370DFD9"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65A165BE-BAC4-4DC6-A333-72A486481AD0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E897136-35E2-48BC-BF4F-2160B2A00D69"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6598CE29-AAD6-4FD9-B662-6AEE6812A8E7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:rc7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C02C163F-D1BD-4284-B652-AFB5EAFE9879"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:rc8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D28A725C-B7B8-4634-8C5C-FC56439B51AF"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2"
}
],
"operator": "OR"
}
]
}
]