CVE-2024-35787: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix incorrect usage for sb_index

Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap code, but left wrong code logic for clustered-md. Current code never set slot offset for cluster nodes, will sometimes cause crash in clustered env.

Call trace (partly):
  md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]
  md_bitmap_startwrite+0x13c/0x240 [md_mod]
  raid1_make_request+0x6b0/0x1c08 [raid1]
  md_handle_request+0x1dc/0x368 [md_mod]
  md_submit_bio+0x80/0xf8 [md_mod]
  __submit_bio+0x178/0x300
  submit_bio_noacct_nocheck+0x11c/0x338
  submit_bio_noacct+0x134/0x614
  submit_bio+0x28/0xdc
  submit_bh_wbc+0x130/0x1cc
  submit_bh+0x1c/0x28
AI Analysis
Technical Summary
CVE-2024-35787 is a vulnerability identified in the Linux kernel's md (multiple device) subsystem, specifically within the md-bitmap code used for managing RAID arrays. The issue stems from incorrect usage of the sb_index field in the bitmap code after a commit (d7038f951828) removed the page->index field but left flawed logic for clustered-md environments. Clustered-md is a configuration that allows multiple nodes to access and manage RAID devices concurrently. The vulnerability causes the current code to never set the slot offset for cluster nodes, which can lead to crashes in clustered environments. The crash occurs during bitmap operations related to RAID write requests, as indicated by the call trace involving md_bitmap_file_set_bit, md_bitmap_startwrite, raid1_make_request, and related functions. This flaw can cause denial of service by crashing the md subsystem, potentially impacting RAID1 or other RAID configurations using bitmap files in clustered setups. The vulnerability does not appear to have known exploits in the wild yet, and no CVSS score has been assigned. However, the issue affects Linux kernel versions containing the faulty commit and impacts systems using clustered-md bitmaps, which are typically found in enterprise or high-availability environments relying on software RAID clustering for data redundancy and performance.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to data center and enterprise environments utilizing Linux-based clustered RAID configurations. A successful exploitation or triggering of this bug could cause system instability or crashes, leading to denial of service conditions. This can result in downtime for critical services, potential data unavailability, and disruption of business operations. Organizations relying on clustered RAID for high availability, such as financial institutions, cloud providers, telecommunications, and large enterprises, may face operational risks. While the vulnerability does not directly expose data confidentiality or integrity issues, the availability impact can be significant, especially in environments where RAID arrays are critical for data storage and redundancy. Recovery from crashes may require manual intervention and could lead to data resynchronization delays. Given the lack of known exploits, the immediate threat level is moderate, but the potential for denial of service in critical infrastructure warrants prompt attention.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the official Linux kernel patches that fix the md-bitmap code logic as soon as they are released and tested in their environments.
2) If patching is not immediately possible, consider disabling clustered-md bitmap usage temporarily or avoid using clustered RAID bitmap features until patched.
3) Monitor system logs for md subsystem errors or crashes that could indicate attempts to trigger this vulnerability.
4) Implement robust backup and disaster recovery procedures to minimize data loss or downtime in case of RAID subsystem failures.
5) For environments using clustered RAID, validate the integrity and configuration of md bitmaps regularly to detect anomalies early.
6) Coordinate with Linux distribution vendors for timely updates and advisories related to this vulnerability.
7) Limit access to systems running clustered RAID to trusted administrators to reduce risk of accidental or malicious triggering.
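The log monitoring in recommendation 3 can be made concrete by matching kernel call traces against the frames quoted in the description. This is an added example, not part of the original advisory: the function names `split_traces`, `matches_signature` and `find_md_bitmap_crashes` are hypothetical, and the sample log's timestamps and filler lines are constructed.

```python
import re

# Frames from the call trace quoted in the advisory. Both must appear,
# innermost first, for a trace to count as this crash signature.
SIGNATURE = ("md_bitmap_file_set_bit", "md_bitmap_startwrite")
TRACE_START = re.compile(r"call trace:", re.IGNORECASE)
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def split_traces(lines):
    """Yield (start_line_no, [function names]) for each call trace block."""
    start, frames = None, []
    for no, line in enumerate(lines, 1):
        if TRACE_START.search(line):
            if start is not None and frames:
                yield start, frames
            start, frames = no, []
        elif start is not None:
            m = FRAME.search(line)
            if m:
                frames.append(m.group(1))
            elif frames:  # first non-frame line after frames ends the block
                yield start, frames
                start, frames = None, []
    if start is not None and frames:
        yield start, frames

def matches_signature(frames):
    """True if SIGNATURE occurs in order (not necessarily adjacent)."""
    it = iter(frames)  # shared iterator: each lookup resumes after the last hit
    return all(want in it for want in SIGNATURE)

def find_md_bitmap_crashes(lines):
    return [(no, fr) for no, fr in split_traces(lines) if matches_signature(fr)]

# Constructed sample log: timestamps and filler lines are invented; the frames
# are the ones listed in the advisory.
SAMPLE_LOG = """\
[  812.204400] constructed filler line before the trace
[  812.204410] Call trace:
[  812.204415]  md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]
[  812.204420]  md_bitmap_startwrite+0x13c/0x240 [md_mod]
[  812.204425]  raid1_make_request+0x6b0/0x1c08 [raid1]
[  812.204430]  md_handle_request+0x1dc/0x368 [md_mod]
[  812.204460] constructed filler line after the trace
[  990.000010] Call trace:
[  990.000015]  submit_bio_noacct+0x134/0x614
[  990.000020]  submit_bio+0x28/0xdc
[  990.000030] constructed end of log
""".splitlines()
```

Pass it the lines of `dmesg` or `journalctl -k` output from each cluster node; a hit points at the first line of the matching trace.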
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T12:19:12.338Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ac4522896dcbe348d
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 3:55:52 PM
Last updated: 8/1/2025, 7:34:18 AM