CVE-2024-26756: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: md: Don't register sync_thread for reshape directly Currently, if reshape is interrupted, then reassemble the array will register sync_thread directly from pers->run(), in this case 'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee that md_do_sync() will be executed, hence stop_sync_thread() will hang because 'MD_RECOVERY_RUNNING' can't be cleared. Last patch make sure that md_do_sync() will set MD_RECOVERY_DONE, however, following hang can still be triggered by dm-raid test shell/lvconvert-raid-reshape.sh occasionally: [root@fedora ~]# cat /proc/1982/stack [<0>] stop_sync_thread+0x1ab/0x270 [md_mod] [<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod] [<0>] raid_presuspend+0x1e/0x70 [dm_raid] [<0>] dm_table_presuspend_targets+0x40/0xb0 [dm_mod] [<0>] __dm_destroy+0x2a5/0x310 [dm_mod] [<0>] dm_destroy+0x16/0x30 [dm_mod] [<0>] dev_remove+0x165/0x290 [dm_mod] [<0>] ctl_ioctl+0x4bb/0x7b0 [dm_mod] [<0>] dm_ctl_ioctl+0x11/0x20 [dm_mod] [<0>] vfs_ioctl+0x21/0x60 [<0>] __x64_sys_ioctl+0xb9/0xe0 [<0>] do_syscall_64+0xc6/0x230 [<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 Meanwhile mddev->recovery is: MD_RECOVERY_RUNNING | MD_RECOVERY_INTR | MD_RECOVERY_RESHAPE | MD_RECOVERY_FROZEN Fix this problem by remove the code to register sync_thread directly from raid10 and raid5. And let md_check_recovery() to register sync_thread.
AI Analysis
Technical Summary
CVE-2024-26756 is a vulnerability identified in the Linux kernel's md (multiple device) subsystem, specifically related to RAID array reshape operations. The issue arises when a reshape operation is interrupted and the system attempts to reassemble the RAID array. In this scenario, the kernel registers a sync_thread directly from pers->run(), setting the MD_RECOVERY_RUNNING flag without guaranteeing that md_do_sync() will execute. This leads to a situation where stop_sync_thread() hangs indefinitely because the MD_RECOVERY_RUNNING flag cannot be cleared. The problem is exacerbated by the fact that md_do_sync() is responsible for setting MD_RECOVERY_DONE, which signals the completion of recovery. The vulnerability can cause system hangs during RAID reshape or recovery operations, as demonstrated by the dm-raid test shell script lvconvert-raid-reshape.sh, which occasionally triggers this hang. The root cause is the direct registration of sync_thread from raid10 and raid5 code paths, bypassing the proper recovery checks. The fix involves removing this direct registration and delegating sync_thread registration to md_check_recovery(), ensuring proper state management and preventing the hang condition. This vulnerability affects Linux kernel versions identified by the commit hash f67055780caac6a99f43834795c43acf99eba6a6 and is relevant to systems using software RAID configurations managed by the md subsystem. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems that rely on Linux software RAID configurations for data redundancy and availability. The md subsystem is widely used in enterprise Linux distributions common in Europe, including Red Hat Enterprise Linux, CentOS, Fedora, Debian, and Ubuntu. A hang during RAID reshape or recovery can lead to prolonged system unavailability, impacting critical services and data access. This can disrupt business operations, especially in environments where high availability and data integrity are paramount, such as financial institutions, healthcare providers, and public sector organizations. The inability to clear recovery flags and stop sync threads may require manual intervention or system reboots, increasing downtime and operational costs. While the vulnerability does not appear to allow privilege escalation or data corruption directly, the denial-of-service effect on storage subsystems can have cascading impacts on dependent applications and services. Given the prevalence of Linux in server infrastructure across Europe, the potential for operational disruption is significant, particularly in data centers and cloud environments that utilize software RAID for storage management.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the patch for CVE-2024-26756 as soon as vendor updates become available. Until patched, administrators should avoid interrupting RAID reshape operations and monitor RAID array health closely to detect early signs of hangs or recovery issues. Implementing robust backup and disaster recovery procedures is critical to mitigate potential data availability impacts. Additionally, organizations can consider temporarily disabling reshape operations or scheduling them during maintenance windows to minimize operational risk. Monitoring kernel logs and system performance metrics related to md and dm-raid modules can help identify attempts to trigger the hang condition. For environments using custom or older kernels, backporting the patch or applying vendor-provided fixes is recommended. Finally, educating system administrators about the symptoms and recovery steps for this issue will reduce downtime in case the hang occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Finland
CVE-2024-26756: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: md: Don't register sync_thread for reshape directly Currently, if reshape is interrupted, then reassemble the array will register sync_thread directly from pers->run(), in this case 'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee that md_do_sync() will be executed, hence stop_sync_thread() will hang because 'MD_RECOVERY_RUNNING' can't be cleared. Last patch make sure that md_do_sync() will set MD_RECOVERY_DONE, however, following hang can still be triggered by dm-raid test shell/lvconvert-raid-reshape.sh occasionally: [root@fedora ~]# cat /proc/1982/stack [<0>] stop_sync_thread+0x1ab/0x270 [md_mod] [<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod] [<0>] raid_presuspend+0x1e/0x70 [dm_raid] [<0>] dm_table_presuspend_targets+0x40/0xb0 [dm_mod] [<0>] __dm_destroy+0x2a5/0x310 [dm_mod] [<0>] dm_destroy+0x16/0x30 [dm_mod] [<0>] dev_remove+0x165/0x290 [dm_mod] [<0>] ctl_ioctl+0x4bb/0x7b0 [dm_mod] [<0>] dm_ctl_ioctl+0x11/0x20 [dm_mod] [<0>] vfs_ioctl+0x21/0x60 [<0>] __x64_sys_ioctl+0xb9/0xe0 [<0>] do_syscall_64+0xc6/0x230 [<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 Meanwhile mddev->recovery is: MD_RECOVERY_RUNNING | MD_RECOVERY_INTR | MD_RECOVERY_RESHAPE | MD_RECOVERY_FROZEN Fix this problem by remove the code to register sync_thread directly from raid10 and raid5. And let md_check_recovery() to register sync_thread.
AI-Powered Analysis
Technical Analysis
CVE-2024-26756 is a vulnerability identified in the Linux kernel's md (multiple device) subsystem, specifically related to RAID array reshape operations. The issue arises when a reshape operation is interrupted and the system attempts to reassemble the RAID array. In this scenario, the kernel registers a sync_thread directly from pers->run(), setting the MD_RECOVERY_RUNNING flag without guaranteeing that md_do_sync() will execute. This leads to a situation where stop_sync_thread() hangs indefinitely because the MD_RECOVERY_RUNNING flag cannot be cleared. The problem is exacerbated by the fact that md_do_sync() is responsible for setting MD_RECOVERY_DONE, which signals the completion of recovery. The vulnerability can cause system hangs during RAID reshape or recovery operations, as demonstrated by the dm-raid test shell script lvconvert-raid-reshape.sh, which occasionally triggers this hang. The root cause is the direct registration of sync_thread from raid10 and raid5 code paths, bypassing the proper recovery checks. The fix involves removing this direct registration and delegating sync_thread registration to md_check_recovery(), ensuring proper state management and preventing the hang condition. This vulnerability affects Linux kernel versions identified by the commit hash f67055780caac6a99f43834795c43acf99eba6a6 and is relevant to systems using software RAID configurations managed by the md subsystem. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems that rely on Linux software RAID configurations for data redundancy and availability. The md subsystem is widely used in enterprise Linux distributions common in Europe, including Red Hat Enterprise Linux, CentOS, Fedora, Debian, and Ubuntu. A hang during RAID reshape or recovery can lead to prolonged system unavailability, impacting critical services and data access. This can disrupt business operations, especially in environments where high availability and data integrity are paramount, such as financial institutions, healthcare providers, and public sector organizations. The inability to clear recovery flags and stop sync threads may require manual intervention or system reboots, increasing downtime and operational costs. While the vulnerability does not appear to allow privilege escalation or data corruption directly, the denial-of-service effect on storage subsystems can have cascading impacts on dependent applications and services. Given the prevalence of Linux in server infrastructure across Europe, the potential for operational disruption is significant, particularly in data centers and cloud environments that utilize software RAID for storage management.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the patch for CVE-2024-26756 as soon as vendor updates become available. Until patched, administrators should avoid interrupting RAID reshape operations and monitor RAID array health closely to detect early signs of hangs or recovery issues. Implementing robust backup and disaster recovery procedures is critical to mitigate potential data availability impacts. Additionally, organizations can consider temporarily disabling reshape operations or scheduling them during maintenance windows to minimize operational risk. Monitoring kernel logs and system performance metrics related to md and dm-raid modules can help identify attempts to trigger the hang condition. For environments using custom or older kernels, backporting the patch or applying vendor-provided fixes is recommended. Finally, educating system administrators about the symptoms and recovery steps for this issue will reduce downtime in case the hang occurs.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.170Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe3a83
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 6:11:54 PM
Last updated: 8/13/2025, 6:47:00 AM
Views: 17
Related Threats
CVE-2025-8961: Memory Corruption in LibTIFF
MediumCVE-2025-8960: SQL Injection in Campcodes Online Flight Booking Management System
MediumCVE-2025-8958: Stack-based Buffer Overflow in Tenda TX3
HighCVE-2025-8957: SQL Injection in Campcodes Online Flight Booking Management System
MediumCVE-2025-54707: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in RealMag777 MDTF
CriticalActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.