Race Condition in Multipath Target of the Linux Kernel
CVE-2023-54324
What is CVE-2023-54324?
A race condition exists in the Linux kernel's multipath target between the function retrieve_deps and concurrent calls to multipath_message. retrieve_deps operates on the list of open devices without appropriate locking, so multipath_message can modify the list at the same time. This flaw can lead to memory corruption or use-after-free, potentially compromising system stability and security. The issue has been addressed by adding a new read-write semaphore, 'devices_lock', which ensures proper synchronization during device access operations.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf