CVE-2024-26962

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A deadlock vulnerability has been resolved in the Linux kernel, specifically in the dm-raid456 and md/raid456 modules. The issue occurs when IO operations are concurrent with reshape operations. In certain cases, such as when the array is read-only, MD RECOVERY WAIT is set, or MD RECOVERY FROZEN is set, the reshape operation will never make progress, causing IO operations to hang. The problem does not exist in md/raid because the register new sync thread does not rely on IO being done. The patch ensures that raid message() cannot change sync thread() through raid message() after presuspend() and detects the above cases before waiting for IO to be done in dm suspend(), allowing dm-raid to requeue those IO operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2025-12647

AZL-54572

AZL-54587

BDU:2025-02915

CVE-2024-26962

ECHO-2389-0370-77C0

INFSA-2024_9315

RHSA-2024:9315

RHSA-2024_9315

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Alt Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Suse

Ubuntu

CVE-2024-26962

Weakness Enumeration

Related Identifiers

Affected Products

References · 3032