CVE-2024-42294

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42294
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42294.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42294
Downstream
Related
Published
2024-08-17T09:09:02Z
Modified
2025-10-17T09:58:52.174009Z
Summary
block: fix deadlock between sd_remove & sd_release
Details

In the Linux kernel, the following vulnerability has been resolved:

block: fix deadlock between sdremove & sdrelease

Our test report the following hung task:

[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] _switchto+0x174/0x338 [ 2538.459436] _schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedulepreemptdisabled+0x24/0x40 [ 2538.459453] _mutexlock+0x3ec/0xf04 [ 2538.459456] _mutexlockslowpath+0x14/0x24 [ 2538.459459] mutexlock+0x30/0xd8 [ 2538.459462] delgendisk+0xdc/0x350 [ 2538.459466] sdremove+0x30/0x60 [ 2538.459470] devicereleasedriverinternal+0x1c4/0x2c4 [ 2538.459474] devicereleasedriver+0x18/0x28 [ 2538.459478] busremovedevice+0x15c/0x174 [ 2538.459483] devicedel+0x1d0/0x358 [ 2538.459488] _scsiremovedevice+0xa8/0x198 [ 2538.459493] scsiforgethost+0x50/0x70 [ 2538.459497] scsiremovehost+0x80/0x180 [ 2538.459502] usbstordisconnect+0x68/0xf4 [ 2538.459506] usbunbindinterface+0xd4/0x280 [ 2538.459510] devicereleasedriverinternal+0x1c4/0x2c4 [ 2538.459514] devicereleasedriver+0x18/0x28 [ 2538.459518] busremovedevice+0x15c/0x174 [ 2538.459523] devicedel+0x1d0/0x358 [ 2538.459528] usbdisabledevice+0x84/0x194 [ 2538.459532] usbdisconnect+0xec/0x300 [ 2538.459537] hubevent+0xb80/0x1870 [ 2538.459541] processscheduledworks+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc

[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] _switchto+0x174/0x338 [ 2538.461021] _schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blkqueueenter+0xc4/0x160 [ 2538.461034] blkmqallocrequest+0x120/0x1d4 [ 2538.461037] scsiexecutecmd+0x7c/0x23c [ 2538.461040] ioctlinternalcommand+0x5c/0x164 [ 2538.461046] scsisetmediumremoval+0x5c/0xb0 [ 2538.461051] sdrelease+0x50/0x94 [ 2538.461054] blkdevput+0x190/0x28c [ 2538.461058] blkdevrelease+0x28/0x40 [ 2538.461063] _fput+0xf8/0x2a8 [ 2538.461066] _fputsync+0x28/0x5c [ 2538.461070] _arm64sysclose+0x84/0xe8 [ 2538.461073] invokesyscall+0x58/0x114 [ 2538.461078] el0svccommon+0xac/0xe0 [ 2538.461082] doel0svc+0x1c/0x28 [ 2538.461087] el0svc+0x38/0x68 [ 2538.461090] el0t64synchandler+0x68/0xbc [ 2538.461093] el0t64_sync+0x1a8/0x1ac

T1: T2: sdremove delgendisk _blkmarkdiskdead blkfreezequeuestart ++q->mqfreezedepth bdevrelease mutexlock(&disk->openmutex) sdrelease scsiexecutecmd blkqueueenter waitevent(!q->mqfreezedepth) mutexlock(&disk->openmutex)

SCSI does not set GDOWNSQUEUE, so QUEUEFLAGDYING is not set in this scenario. This is a classic ABBA deadlock. To fix the deadlock, make sure we don't try to acquire disk->open_mutex after freezing the queue.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eec1be4c30df73238b936fa9f3653773a6f8b15c
Fixed
5a5625a83eac91fdff1d5f0202ecfc45a31983c9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eec1be4c30df73238b936fa9f3653773a6f8b15c
Fixed
f5418f48a93b69ed9e6a2281eee06b412f14a544
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eec1be4c30df73238b936fa9f3653773a6f8b15c
Fixed
7e04da2dc7013af50ed3a2beb698d5168d1e594b

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.4
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1553.0,
            "function_hash": "179152039670503541075347096297988574511"
        },
        "target": {
            "function": "del_gendisk",
            "file": "block/genhd.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5418f48a93b69ed9e6a2281eee06b412f14a544",
        "signature_version": "v1",
        "id": "CVE-2024-42294-5bf065c8"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33904293804401956078909965663963225146",
                "179697840625988024541262443056999597047",
                "75947079409513100616355414360388603939",
                "318462332850116439126470006301224628272",
                "137220048366583712204055753909097613375"
            ]
        },
        "target": {
            "file": "block/genhd.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5418f48a93b69ed9e6a2281eee06b412f14a544",
        "signature_version": "v1",
        "id": "CVE-2024-42294-82422855"
    },
    {
        "digest": {
            "length": 1553.0,
            "function_hash": "179152039670503541075347096297988574511"
        },
        "target": {
            "function": "del_gendisk",
            "file": "block/genhd.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e04da2dc7013af50ed3a2beb698d5168d1e594b",
        "signature_version": "v1",
        "id": "CVE-2024-42294-83031275"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33904293804401956078909965663963225146",
                "179697840625988024541262443056999597047",
                "75947079409513100616355414360388603939",
                "318462332850116439126470006301224628272",
                "137220048366583712204055753909097613375"
            ]
        },
        "target": {
            "file": "block/genhd.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e04da2dc7013af50ed3a2beb698d5168d1e594b",
        "signature_version": "v1",
        "id": "CVE-2024-42294-8a8e4f83"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33904293804401956078909965663963225146",
                "179697840625988024541262443056999597047",
                "75947079409513100616355414360388603939",
                "318462332850116439126470006301224628272",
                "137220048366583712204055753909097613375"
            ]
        },
        "target": {
            "file": "block/genhd.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a5625a83eac91fdff1d5f0202ecfc45a31983c9",
        "signature_version": "v1",
        "id": "CVE-2024-42294-a98035fa"
    },
    {
        "digest": {
            "length": 1565.0,
            "function_hash": "12556440847168062269369598933028079740"
        },
        "target": {
            "function": "del_gendisk",
            "file": "block/genhd.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a5625a83eac91fdff1d5f0202ecfc45a31983c9",
        "signature_version": "v1",
        "id": "CVE-2024-42294-d906c3e2"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.44
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.3