| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240227184057.2368370-15-gregkh@linuxfoundation.org> Date: Tue, 27 Feb 2024 19:40:52 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-46950: md/raid1: properly indicate failure when ending a failed write request Description =========== In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being cleared. Since we are in the failure leg of raid1_end_write_request, the request either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded). The Linux kernel CVE team has assigned CVE-2021-46950 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14.147 with commit 900c531899f5 and fixed in 4.14.233 with commit 12216d0919b6 Issue introduced in 4.19.77 with commit 1cd972e0a107 and fixed in 4.19.191 with commit a6e17cab00fc Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.4.118 with commit 6920cef604fa Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.10.36 with commit 661061a45e32 Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.11.20 with commit 59452e551784 Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.12.3 with commit 538244fba59f Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.13 with commit 2417b9869b81 Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-46950 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/raid1.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/12216d0919b64ee2ea5dc7a50e455670f44383d5 https://git.kernel.org/stable/c/a6e17cab00fc5bf85472434c52ac751426257c6f https://git.kernel.org/stable/c/6920cef604fa57f9409e3960413e9cc11f5c5a40 https://git.kernel.org/stable/c/661061a45e32d8b2cc0e306da9f169ad44011382 https://git.kernel.org/stable/c/59452e551784b7a57a45d971727e9db63b192515 https://git.kernel.org/stable/c/538244fba59fde17186322776247cd9c05be86dd https://git.kernel.org/stable/c/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd
Powered by blists - more mailing lists