PT-2024-10364 · Linux+5 · Linux Kernel+5

Friedrich Weber · Published 2024-06-08 · Updated 2025-09-29 · CVE-2024-40925

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is caused by incorrect initialization of the queuelist in the blk-flush code of the Linux kernel's block component. Calling list_move_tail() on an uninitialized queuelist can crash the kernel. The problem arises because the queuelist is not initialized for the first request in the PREFLUSH and POSTFLUSH sequences. The fix replaces list_move_tail() with list_add_tail(), which does not need the queuelist to be initialized. In addition, list_del_init() has been added to the flush request callback to handle cases where the dm layer submits requests with an invalid format, which could otherwise cause a double list add.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
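
An added illustration, not the kernel's code and not part of the original advisory: a userspace C model of the list helpers named in the description, showing why list_move_tail() needs an initialized node, why list_add_tail() does not, and how list_del_init() avoids the double add. The struct layouts, flush_model(), list_move_tail_checked() and the use of NULL to stand for "uninitialized" are assumptions made for the example.

```c
#include <stddef.h>
/* Userspace model of the kernel's list_head; names mirror <linux/list.h>. */
struct list_head { struct list_head *next, *prev; };
struct request { struct list_head queuelist; };  /* only the relevant field */

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }

/* Writes n->next and n->prev but never reads them: safe on an uninitialised node. */
static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->next = head;
    n->prev = head->prev;
    head->prev->next = n;
    head->prev = n;
}

static void list_del_init(struct list_head *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    INIT_LIST_HEAD(n);
}

/* list_move_tail() unlinks n through its own pointers, then re-adds it.
 * Assumption: "uninitialised" is NULL here so it can be reported, not crash. */
static int list_move_tail_checked(struct list_head *n, struct list_head *head)
{
    if (!n->next || !n->prev)
        return -1;
    list_del_init(n);
    list_add_tail(n, head);
    return 0;
}

/* Hypothetical model: one request queued for PREFLUSH, then for POSTFLUSH.
 * Returns -1 = invalid dereference, 1 = PREFLUSH list corrupted, 0 = intact. */
static int flush_model(int use_move_tail, int del_init_between)
{
    struct list_head pre = { &pre, &pre }, post = { &post, &post };
    struct request rq = { { NULL, NULL } };  /* first request: never initialised */
    if (use_move_tail && list_move_tail_checked(&rq.queuelist, &pre) < 0)
        return -1;
    if (!use_move_tail)
        list_add_tail(&rq.queuelist, &pre);
    if (del_init_between)
        list_del_init(&rq.queuelist);
    list_add_tail(&rq.queuelist, &post);
    return pre.next->prev == &pre ? 0 : 1;
}
int main(void) { return flush_model(0, 1); }
```

flush_model(1, 0) models the pre-fix behaviour, flush_model(0, 0) the double add without list_del_init(), and flush_model(0, 1) the combination the description gives as the fix.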

Exploit

Weakness Enumeration

Improper Initialization

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-00868
CVE-2024-40925
INFSA-2024_9315
OESA-2024-2076
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:2802-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Affected Products

Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu