Bug 1224715 (CVE-2024-35787)

Summary: VUL-0: CVE-2024-35787: kernel: md/md-bitmap: fix incorrect usage for sb_index
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, jlee
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/406366/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-35787:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-05-20 16:08:24 UTC 
In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix incorrect usage for sb_index

Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the
bitmap file") removed page->index from bitmap code, but left wrong code
logic for clustered-md. current code never set slot offset for cluster
nodes, will sometimes cause crash in clustered env.

Call trace (partly):
 md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]
 md_bitmap_startwrite+0x13c/0x240 [md_mod]
 raid1_make_request+0x6b0/0x1c08 [raid1]
 md_handle_request+0x1dc/0x368 [md_mod]
 md_submit_bio+0x80/0xf8 [md_mod]
 __submit_bio+0x178/0x300
 submit_bio_noacct_nocheck+0x11c/0x338
 submit_bio_noacct+0x134/0x614
 submit_bio+0x28/0xdc
 submit_bh_wbc+0x130/0x1cc
 submit_bh+0x1c/0x28

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35787
https://www.cve.org/CVERecord?id=CVE-2024-35787
https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da
https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240
https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31
https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35787.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2281061
Comment 1 Joey Lee 2024-05-21 07:01:33 UTC 
https://www.suse.com/security/cve/CVE-2024-35787.html
cvss 5.5
Comment 2 Joey Lee 2024-05-23 11:55:37 UTC 
joeyli@linux-691t:/mnt/working/source_code-git/kernel-source> ./scripts/check-kernel-fix CVE-2024-35787
ecbd8ebb51bf ("md/md-bitmap: fix incorrect usage for sb_index") merged v6.9-rc1~214^2~34^2~2
Fixes: d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") merged v6.6-rc1~151^2~40^2~21
Security fix for CVE-2024-35787 bsc#1224715 with CVSS 5.5
Experts candidates: heming.zhao@suse.com 
..............................
NO ACTION NEEDED: All relevant branches contain the fix!

Does not affect any branch. reset assignee