Описание
In the Linux kernel, the following vulnerability has been resolved:
dm-verity: restart or panic on an I/O error
Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO.
This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart.
This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers.
In the Linux kernel, the following vulnerability has been resolved:
dm-verity: restart or panic on an I/O error
Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO.
This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart.
This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-47725
- https://git.kernel.org/stable/c/338b32a232bbee39e52dd1486cbc0c9f458d4d69
- https://git.kernel.org/stable/c/b332bcca59143cfdd000957f8b78c28dd2ac1da4
- https://git.kernel.org/stable/c/cada2646b7483cce370eb3b046659df31d9d34d1
- https://git.kernel.org/stable/c/e6a3531dd542cb127c8de32ab1e54a48ae19962b
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] An issue has been identified in the Linux Kernel's dm-verity module, which ensures integrity verification for block devices. This issue arises because dm-verity does not crash when an I/O error occurs. In certain scenarios, an attacker could exploit this behavior by crafting sectors that trigger errors, such as through the Write Uncorrectable command. This could potentially subvert security mechanisms, as some programs may behave unpredictably or fail to handle the resulting I/O errors (EIO) correctly, leading to unintended system behavior.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.