Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix data corruption for degraded array with slow disk

read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrecovered data can be read:

    raid1_read_request
     read_balance
      raid1_should_read_first
      -> return false
      choose_best_rdev
      -> normal disk is not recovered, return -1
      choose_bb_rdev
      -> missing the checking of recovery, return the normal disk
     -> read unrecovered data

Root cause is that the checking of recovery is missing in choose_bb_rdev(). Hence add such checking to fix the problem.

Also fix similar problem in choose_slow_rdev().
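The selection order in the description, as a simplified C model added here (it is not the kernel's code or the patch). `struct disk`, `in_recovery()`, `choose()` and the `fixed` flag are hypothetical names, and bad-block handling is left out so that only the missing recovery check is shown.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a RAID1 member, not the kernel's struct md_rdev. */
struct disk {
    bool in_sync;         /* recovery has finished */
    long recovery_offset; /* sectors below this are rebuilt */
    bool slow;            /* disk read_balance() tries to avoid */
};

/* True when [s, s+len) is not fully rebuilt on this disk yet. */
static bool in_recovery(const struct disk *d, long s, long len)
{
    return !d->in_sync && d->recovery_offset < s + len;
}

/* One selection pass over disks of the wanted speed class. */
static int choose(const struct disk *d, int n, long s, long len,
                  bool want_slow, bool check_recovery)
{
    for (int i = 0; i < n; i++)
        if (d[i].slow == want_slow &&
            !(check_recovery && in_recovery(&d[i], s, len)))
            return i;
    return -1;
}

/* Pass order assumed for the model: best, then bb, then slow.
 * 'fixed' adds the recovery check to the two fallback passes. */
int read_balance(const struct disk *d, int n, long s, long len, bool fixed)
{
    int i = choose(d, n, s, len, false, true);        /* choose_best_rdev */
    if (i < 0)
        i = choose(d, n, s, len, false, fixed);       /* choose_bb_rdev */
    if (i < 0)
        i = choose(d, n, s, len, true, fixed);        /* choose_slow_rdev */
    return i;
}

int main(void)
{
    /* Constructed array: disk 0 slow with valid data, disk 1 rebuilt to 1000. */
    struct disk a[] = { { true, 0, true }, { false, 1000, false } };
    printf("before fix: disk %d\n", read_balance(a, 2, 5000, 8, false));
    printf("after fix:  disk %d\n", read_balance(a, 2, 5000, 8, true));
    return 0;
}
```

Without the check the read at sector 5000 is served by the disk that has only been rebuilt up to sector 1000; with it, the read falls through to the slow disk that holds valid data.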
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.9, < 6.10.7 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/2febf5fdbf5d9a52ddc3e986971c8609b1582d67 (Patch)
- https://git.kernel.org/stable/c/c916ca35308d3187c9928664f9be249b22a3a701 (Patch)
FAQ
What is CVE-2024-45023?
CVE-2024-45023 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possi...
How severe is CVE-2024-45023?
CVE-2024-45023 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45023?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.