PT-2025-3136 · Linux+3 · Linux Kernel+3

Published 2024-12-10 · Updated 2025-09-29 · CVE-2024-55642

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.12.5

Description

A potential deadlock issue has been identified in the Linux kernel's zone write plugging code. This issue occurs when a device queue freeze is initiated while BIOs are still plugged in a zone write plug and one of these write operations fails. To prevent this deadlock, the zone write plugging code has been modified to remove the use of report zones operations after a failed write operation. Instead, the device user is relied upon to execute a report zone, reset the zone, finish the zone, or give up writing to the device. This change ensures that the tracking of a zone write pointer is always correct and prevents potential deadlocks.

Recommendations

For Linux kernel versions prior to 6.12.5, update to a newer version that contains the fix for this issue. As a temporary workaround, consider disabling the disk_zone_wplug_set_error() function until a patch is available. Restrict access to the vulnerable blk_zone_write_plug_bio_endio() function to minimize the risk of exploitation. Avoid using the BLK_ZONE_WPLUG_ERROR flag in the affected API endpoints until the issue is resolved.

Exploit

Fix

Improper Locking


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-17881
BDU:2025-15310
CVE-2024-55642
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu