* CVE-2021-46950: md/raid1: properly indicate failure when ending a failed write request
@ 2024-02-27 18:40 Greg Kroah-Hartman
0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2024-02-27 18:40 UTC (permalink / raw)
To: linux-cve-announce; +Cc: Greg Kroah-Hartman
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: properly indicate failure when ending a failed write request
This patch addresses a data corruption bug in raid1 arrays using bitmaps.
Without this fix, the bitmap bits for the failed I/O end up being cleared.
Since we are in the failure leg of raid1_end_write_request, the request
either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded).
The Linux kernel CVE team has assigned CVE-2021-46950 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.14.147 with commit 900c531899f5 and fixed in 4.14.233 with commit 12216d0919b6
Issue introduced in 4.19.77 with commit 1cd972e0a107 and fixed in 4.19.191 with commit a6e17cab00fc
Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.4.118 with commit 6920cef604fa
Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.10.36 with commit 661061a45e32
Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.11.20 with commit 59452e551784
Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.12.3 with commit 538244fba59f
Issue introduced in 5.4 with commit eeba6809d8d5 and fixed in 5.13 with commit 2417b9869b81
Please see https://www.kernel.org or a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2021-46950
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/md/raid1.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/12216d0919b64ee2ea5dc7a50e455670f44383d5
https://git.kernel.org/stable/c/a6e17cab00fc5bf85472434c52ac751426257c6f
https://git.kernel.org/stable/c/6920cef604fa57f9409e3960413e9cc11f5c5a40
https://git.kernel.org/stable/c/661061a45e32d8b2cc0e306da9f169ad44011382
https://git.kernel.org/stable/c/59452e551784b7a57a45d971727e9db63b192515
https://git.kernel.org/stable/c/538244fba59fde17186322776247cd9c05be86dd
https://git.kernel.org/stable/c/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-02-27 18:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-27 18:40 CVE-2021-46950: md/raid1: properly indicate failure when ending a failed write request Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).