PT-2024-21501 · Linux+4 · Linux Kernel+4

Mikulas Patocka

·

Published

2024-02-15

·

Updated

2026-05-26

·

CVE-2024-26758

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability has been resolved in the Linux kernel related to the handling of suspended arrays in the md check recovery() function. The issue arises when the mddev suspend() function does not stop the sync thread, causing problems when trying to unregister the sync thread. This can lead to a hang when stopping the array after it has been suspended. The problem is not limited to dm-raid and can be fixed by ignoring suspended arrays in md check recovery(). Follow-up patches will improve dm-raid to better handle frozen sync threads during suspension.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-129

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-59481
AZL-59484
BDU:2025-03610
CVE-2024-26758
ECHO-CFA3-10A3-55EF
INFSA-2024_9315
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025_0556-1
OPENSUSE-SU-2025_0577-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0556-1
SUSE-SU-2025:0577-1
SUSE-SU-2025:0577-2
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025_0577-1
SUSE-SU-2025_0577-2

Affected Products

Alt Linux
Debian
Linux Kernel
Red Hat
Suse