A recently discovered vulnerability in the Linux kernel has been resolved. The issue stems from the resume method not being called on internal suspend in the device-mapper (dm) component. This article will discuss the vulnerability, its effects, and the provided fix. Additionally, we'll look at a code snippet that demonstrates the problem and links to original references for more information.

Exploit Details

A kernel crash was reported while experimenting with the lvm2 testsuite. The crash was caused by list corruption, which in turn resulted from the postsuspend and resume methods not being correctly paired: origin_postsuspend was called twice in a row, and the second call tried to remove the "hash_list" entry from a list after the first call had already removed it.

To resolve this issue, the __dm_internal_resume function was updated to call the preresume and resume methods of the table's targets. This ensures that the suspend and resume methods are correctly paired, preventing a kernel crash.

During this process, if the preresume method of a target fails, the DMF_SUSPENDED flag is set to fake a normal suspend. This may confuse userspace tools but will prevent a kernel crash.

The crash, demonstrated below, resulted from the list corruption issue:

kernel BUG at lib/list_debug.c:56!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
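
The pairing failure described above can be reproduced in a small userspace model. This is an added example, not kernel code or code from the fix: the list helpers, the poison value, `model_resume`, `model_postsuspend` and `run_sequence` are simplified assumptions that only mirror the "remove hash_list twice" pattern and the effect of having internal resume call the target's resume method.

```c
#include <stdbool.h>

/* Minimal stand-in for a kernel-style doubly linked list (model only). */
struct list_head { struct list_head *next, *prev; };
#define POISON ((struct list_head *)0x100)   /* marks an unlinked entry */

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* Checked delete in the spirit of the kernel's list debugging:
 * an entry that is already unlinked is reported instead of unlinked again. */
static bool list_del_checked(struct list_head *e) {
    if (e->next == POISON || e->prev == POISON)
        return false;                         /* the kernel hits BUG here */
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = e->prev = POISON;
    return true;
}

/* Hypothetical target: resume links hash_list, postsuspend unlinks it. */
struct origin { struct list_head hash_list; };
static struct list_head origins;

static void model_resume(struct origin *o) { list_add(&o->hash_list, &origins); }
static bool model_postsuspend(struct origin *o) { return list_del_checked(&o->hash_list); }

/* Returns true when every postsuspend found its entry still linked.
 * internal_resume_calls_target: true = fixed pairing, false = old behaviour. */
bool run_sequence(bool internal_resume_calls_target) {
    struct origin o;
    list_init(&origins);
    model_resume(&o);                         /* device active */
    if (!model_postsuspend(&o))               /* internal suspend */
        return false;
    if (internal_resume_calls_target)
        model_resume(&o);                     /* internal resume re-links entry */
    return model_postsuspend(&o);             /* next suspend */
}

int main(void) {
    /* Exit 0 when the paired sequence is clean and the unpaired one is caught. */
    return (run_sequence(true) && !run_sequence(false)) ? 0 : 1;
}
```
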

For further information on this vulnerability and its fix, refer to the following sources:

- Linux Kernel Mailing List (LKML)
- git.kernel.org - Linux kernel source tree commit

Conclusion

The CVE-2024-26880 vulnerability involving the resume method not being called on internal suspend within the Linux kernel's device-mapper component has been resolved. Users are encouraged to update their Linux kernel to the latest version to ensure this vulnerability has been patched.

Remember to keep your systems up to date and stay informed about new vulnerabilities and their respective patches to ensure the security of your devices.

Timeline

Published on: 04/17/2024 11:15:09 UTC
Last modified on: 06/27/2024 12:15:21 UTC