CVE-2024-35794: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
dm-raid: really frozen sync_thread during suspend
1) Commit f52f5c71f3d4 ("md: fix stopping sync thread") removes MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to freeze sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes().
2) The flag MD_RECOVERY_FROZEN doesn't mean that the sync thread is frozen; it only prevents a new sync_thread from starting, and it can't stop the running sync thread. In order to freeze sync_thread, after setting the flag, stop_sync_thread() should be used.
3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped; using it as the condition for md_stop_writes() in raid_postsuspend() doesn't look correct. Considering that a reentrant stop_sync_thread() does nothing, always call md_stop_writes() in raid_postsuspend().
4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at any time, and if MD_RECOVERY_FROZEN is cleared while the array is suspended, a new sync_thread can start unexpectedly. Fix this by disallowing raid_message() to change sync_thread status during suspend.
Note that after commit f52f5c71f3d4 ("md: fix stopping sync thread"), the test shell/lvconvert-raid-reshape.sh starts to hang in stop_sync_thread(), and with previous fixes, the test won't hang there anymore; however, the test will still fail and complain that ext4 is corrupted. And with this patch, the test won't hang due to stop_sync_thread() or fail due to ext4 being corrupted anymore. However, there is still a deadlock related to dm-raid456 that will be fixed in following patches.
AI Analysis
Technical Summary
CVE-2024-35794 is a vulnerability in the Linux kernel's device-mapper RAID (dm-raid) subsystem related to improper handling of the sync_thread during system suspend operations. The issue stems from a flawed implementation in the md (multiple device) driver where the MD_RECOVERY_FROZEN flag was incorrectly managed. Originally, a commit (f52f5c71f3d4) intended to fix stopping the sync_thread removed the MD_RECOVERY_FROZEN flag from the __md_stop_writes() function, not realizing that dm-raid relies on this flag to freeze the sync_thread indirectly. The flag MD_RECOVERY_FROZEN does not actually freeze the running sync_thread but only prevents new sync_threads from starting. This misunderstanding led to scenarios where the sync_thread could remain active or restart unexpectedly during suspend/resume cycles, causing hangs or filesystem corruption, as evidenced by failures in the ext4 filesystem during RAID reshape tests. The vulnerability allows the raid_message() function to change the MD_RECOVERY_FROZEN flag status during suspend, potentially causing new sync_threads to start unexpectedly and leading to deadlocks or data corruption. The patch corrects this by reintroducing the MD_RECOVERY_FROZEN flag in md_stop_writes(), consolidating stop_sync_thread() calls, and disallowing raid_message() from altering sync_thread status during suspend. Although this patch resolves hangs and ext4 corruption issues, a related deadlock in dm-raid456 remains and is planned to be fixed in future patches. This vulnerability affects Linux kernel versions identified by the commit hash 9dbd1aa3a81c6166608fec87994b6c464701f73a and likely other versions containing the flawed commit. No known exploits are reported in the wild as of the publication date (May 17, 2024).
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with dm-raid configurations, especially those using RAID arrays managed by the device-mapper. The impact includes potential system hangs during suspend/resume cycles, deadlocks, and filesystem corruption (notably ext4), which can lead to data loss or system unavailability. Organizations relying on Linux-based servers, storage appliances, or embedded systems with RAID setups could experience operational disruptions. Critical infrastructure, cloud service providers, and enterprises with large-scale Linux deployments may face increased downtime or data integrity issues if the vulnerability is triggered. Although exploitation requires specific conditions (system suspend and RAID operations), the risk is significant in environments with frequent suspend/resume cycles or complex RAID configurations. The absence of known exploits reduces immediate threat but does not eliminate risk, especially as patches are still being finalized. Therefore, European entities using affected Linux kernels should consider this vulnerability a potential threat to system stability and data integrity.
Mitigation Recommendations
1. Immediate application of the available patch that reintroduces the MD_RECOVERY_FROZEN flag handling in md_stop_writes() and restricts raid_message() from altering sync_thread status during suspend is critical.
2. Monitor Linux kernel updates closely and apply subsequent patches addressing the remaining dm-raid456 deadlock issues as they become available.
3. For systems where patching is not immediately feasible, consider temporarily disabling suspend/resume functionality or avoid using dm-raid configurations that rely on the affected code paths during suspend.
4. Implement rigorous backup and data integrity verification procedures for RAID arrays to mitigate potential data corruption risks.
5. Conduct thorough testing of RAID configurations under suspend/resume scenarios in controlled environments before deploying updates in production.
6. Use kernel tracing and logging tools to monitor sync_thread behavior and detect anomalies related to RAID operations during suspend/resume cycles.
7. Engage with Linux distribution vendors for backported patches and security advisories relevant to specific kernel versions in use.
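A userspace check for recommendation 6 (added example, not part of the advisory or the kernel patch): it reads the sync_action field that dm-raid reports through `dmsetup status --target raid` and classifies each array, so a running resync, recovery or reshape is visible before a suspend/resume test. The volume names and sample status lines are constructed, and the field positions assume the documented dm-raid status layout.

```shell
#!/bin/sh
# Added example (not from the advisory). Classifies dm-raid arrays by the
# sync_action field of `dmsetup status --target raid`, whose lines look like:
#   <name>: <start> <len> raid <type> <#devs> <health> <sync_ratio> <sync_action> <mismatch_cnt> ...

# Read status lines on stdin; print "<name> <sync_action> <sync_ratio> <class>".
raid_sync_report() {
    awk '
    $4 != "raid" { next }                 # skip linear, crypt, thin, ... targets
    {
        name = $1; sub(/:$/, "", name)
        if (NF < 9) {                     # older target version: no sync_action field
            print name, "-", (NF >= 8 ? $8 : "-"), "UNKNOWN"; next
        }
        action = $9
        if (action ~ /^(resync|recover|check|repair|reshape)$/) class = "RUNNING"
        else if (action == "frozen")                            class = "FROZEN"
        else if (action == "idle")                              class = "IDLE"
        else                                                    class = "UNKNOWN"
        print name, action, $8, class
    }'
}

# Exit 0 when at least one array has a running sync thread, 1 otherwise.
# Usable as a check before a suspend/resume test or a maintenance window.
raid_sync_running() {
    raid_sync_report | grep -q ' RUNNING$'
}

# Constructed sample input (hypothetical volume names), used unless --live is given.
SAMPLE_STATUS='vg0-data: 0 41943040 raid raid5_ls 3 AAA 41943040/41943040 idle 0 0 -
vg0-reshape: 0 83886080 raid raid5_ls 4 AAAA 1048576/83886080 reshape 0 0 -
vg0-swap: 0 8388608 linear
vg0-scrub: 0 20971520 raid raid1 2 AA 20971520/20971520 frozen 0 0 -'

if [ "${1:-}" = "--live" ]; then
    dmsetup status --target raid | raid_sync_report   # needs root
else
    printf '%s\n' "$SAMPLE_STATUS" | raid_sync_report
fi
```

Run with `--live` as root to inspect the arrays on the local host instead of the constructed sample.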
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T12:19:12.339Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ac4522896dcbe34d2
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 3:56:36 PM
Last updated: 8/11/2025, 10:51:52 PM