Deadlock Vulnerability in Linux Kernel Due to Zone Write Plug Error Recovery
CVE-2024-55642

5.5MEDIUM

Key Information:

Vendor: WordPress
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability in the Linux kernel affects the zone write plug error recovery mechanism, creating a potential for deadlocks under certain conditions. When a write operation to a zoned block device fails, the system relies on error recovery processes to manage the write pointer tracking. However, if the device queue is frozen during this error recovery, it can lead to requests being blocked indefinitely, as resources necessary for further execution cannot be allocated. The update proposes a critical approach to mitigate this issue by removing automatic error recovery operations tied to write failures. This change requires users or applications to explicitly handle zone reporting, preventing the deadlock scenario and improving system reliability.

Affected Version(s)

Linux dd291d77cc90eb6a86e9860ba8e6e38eebd57d12 < 7fa80134cf266325fa61139320091001c9b3c477

Linux dd291d77cc90eb6a86e9860ba8e6e38eebd57d12

Linux 6.10

References

https://git.kernel.org/stable/c/7fa80134cf266325fa6113932...

https://git.kernel.org/stable/c/fe0418eb9bd69a19a948b297c...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 9, 2025