PT-2024-8006 · Linux+2 · Linux Kernel+2
Mateusz Jończyk · Published 2024-08-15 · Updated 2025-09-29 · CVE-2024-45023
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is in the md/raid1 module of the Linux kernel, specifically in the choose_bb_rdev() function. The root cause is that this function is missing a check for recovery, which can lead to reading unrecovered data from a slow disk in a degraded array. The issue can be exploited to affect the integrity and availability of protected information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Suse