CVE-2024-43914: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

md/raid5: avoid BUG_ON() while continue reshape after reassembling

Currently, mdadm supports --revert-reshape to abort the reshape while reassembling, as in the test 07revert-grow. However, the following BUG_ON() can be triggered by the test:

    kernel BUG at drivers/md/raid5.c:6278!
    invalid opcode: 0000 [#1] PREEMPT SMP PTI
    irq event stamp: 158985
    CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94
    RIP: 0010:reshape_request+0x3f1/0xe60
    Call Trace:
     <TASK>
     raid5_sync_request+0x43d/0x550
     md_do_sync+0xb7a/0x2110
     md_thread+0x294/0x2b0
     kthread+0x147/0x1c0
     ret_from_fork+0x59/0x70
     ret_from_fork_asm+0x1a/0x30
     </TASK>

Root cause is that --revert-reshape updates the raid_disks from 5 to 4, while reshape position is still set, and after reassembling the array, reshape position will be read from super block, then during reshape the checking of 'writepos' that is calculated by old reshape position will fail.

Fix this panic the easy way first, by converting the BUG_ON() to WARN_ON(), and stop the reshape if the checks fail.

Note that mdadm must fix --revert-shape as well, and probably md/raid should enhance metadata validation as well, however this means reassemble will fail and there must be user tools to fix the wrong metadata.
AI Analysis
Technical Summary
CVE-2024-43914 is a vulnerability identified in the Linux kernel's md/raid5 subsystem, specifically related to the handling of RAID 5 reshape operations. The issue arises when the mdadm tool uses the --revert-reshape option to abort an ongoing reshape process while the RAID array is being reassembled. The root cause is that the revert operation updates the number of RAID disks (raid_disks) from 5 to 4, but the reshape position remains set. Consequently, after reassembling the array, the reshape position is read from the superblock, and during the reshape, the 'writepos' calculation based on the old reshape position fails a critical check. This failure previously triggered a kernel BUG_ON() panic, causing the system to crash. The fix implemented converts the BUG_ON() to a WARN_ON(), preventing a kernel panic and stopping the reshape process if the checks fail. However, this fix highlights that mdadm's --revert-reshape functionality requires further correction, and the md/raid subsystem should enhance metadata validation to prevent incorrect metadata from causing reassembly failures. The vulnerability does not appear to have known exploits in the wild at this time, and no CVSS score has been assigned yet.
Potential Impact
For European organizations relying on Linux servers with RAID 5 configurations managed by mdadm, this vulnerability poses a risk of system instability and potential downtime. A kernel panic triggered during RAID reshape operations can lead to abrupt service interruptions, impacting availability of critical systems and data storage. This is particularly significant for data centers, cloud service providers, and enterprises with high availability requirements. While the vulnerability does not directly expose confidentiality or integrity risks, the forced system crashes can disrupt business operations and complicate recovery processes. Additionally, improper handling of RAID metadata could lead to data loss or corruption if not managed carefully. Since the issue occurs during specific RAID reshape operations, the impact is limited to environments performing such maintenance tasks, but the risk remains for any organization using mdadm-managed RAID 5 arrays on Linux kernels prior to the fix.
Mitigation Recommendations
European organizations should promptly update their Linux kernels to versions that include the fix for CVE-2024-43914 to avoid kernel panics during RAID reshape operations. It is critical to ensure that mdadm tools are also updated to versions that correctly handle the --revert-reshape option and improve metadata validation. Administrators should avoid performing reshape abort operations on RAID 5 arrays without these updates. Additionally, organizations should implement robust backup and recovery procedures for RAID arrays to mitigate potential data loss from improper reshape operations. Monitoring system logs for WARN_ON() messages related to RAID reshaping can help detect attempts to trigger this condition. For environments with critical data, consider temporarily avoiding reshape operations until the toolchain and kernel are fully patched and tested. Finally, educating system administrators about the risks and proper handling of RAID reshape operations will reduce the likelihood of triggering this vulnerability.
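The log monitoring recommended above can be sketched as follows. This is an added example, not code from the advisory or the kernel project: the sample log is constructed, the WARNING lines assume the kernel's standard WARN banner format, and `find_reshape_events` and `first_match` are hypothetical helper names.

```python
import re

# Constructed sample log (not captured from a real host). The BUG lines mirror
# the trace quoted in the advisory; the WARNING lines use the kernel's standard
# WARN banner with a made-up PID, thread name and build string.
SAMPLE_LOG = """\
[  101.200000] kernel BUG at drivers/md/raid5.c:6278!
[  101.200010] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[  101.200020] CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94
[  101.200030] RIP: 0010:reshape_request+0x3f1/0xe60
[  300.000000] WARNING: CPU: 2 PID: 1204 at drivers/md/raid5.c:6278 reshape_request+0x3f1/0xe60
[  300.000010] CPU: 2 PID: 1204 Comm: md1_reshape Not tainted 6.9.0-example #1
[  400.000000] WARNING: CPU: 0 PID: 77 at fs/example.c:10 example_fn+0x10/0x20
"""

BUG_RE = re.compile(r"kernel BUG at (drivers/md/raid5\.c:\d+)!")
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (drivers/md/raid5\.c:\d+) (\w+)\+")
RIP_RE = re.compile(r"RIP: \d+:(\w+)\+")
COMM_RE = re.compile(r"Comm: (\S+)")

def first_match(regex, lines):
    """Return group 1 of the first line matching regex, or None."""
    for line in lines:
        m = regex.search(line)
        if m:
            return m.group(1)
    return None

def find_reshape_events(log_text, window=6):
    """Find BUG/WARN reports raised from reshape_request() in raid5.c."""
    # Match on file and function, not line number: it moves between builds.
    lines = log_text.splitlines()
    events = []
    for i, line in enumerate(lines):
        bug, warn = BUG_RE.search(line), WARN_RE.search(line)
        if not (bug or warn):
            continue
        context = lines[i:i + window]
        # A BUG banner names only the file; the function comes from the RIP line.
        func = warn.group(2) if warn else first_match(RIP_RE, context)
        if func != "reshape_request":
            continue
        events.append({
            "kind": "BUG" if bug else "WARN",  # BUG: crash path; WARN: reshape stopped
            "location": (bug or warn).group(1),
            "thread": first_match(COMM_RE, context),
        })
    return events
```

A `BUG` event means the host hit the crash path on a kernel without the fix; a `WARN` event from the same function means the kernel stopped the reshape instead, and the array's metadata still needs attention.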
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-08-17T09:11:59.295Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0c73
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 10:41:11 PM
Last updated: 8/2/2025, 9:54:19 AM