CVE-2024-23307

md/raid5: fix atomicity violation in raid5_cache_count

References

Debian security tracker
cve.org
https://bugzilla.openanolis.cn/show_bug.cgi?id=7975

Notes

 carnil> CVE description reads as "Integer Overflow or Wraparound
 carnil> vulnerability in Linux Linux kernel kernel on Linux, x86, ARM
 carnil> (md, raid, raid5 modules) allows Forced Integer Overflow."
 carnil> which indicates together with the affected version (from v4.1-
 carnil> rc1 before v6.8-rc1), that it is a upstream Linux kernel issue.
 carnil> To date (2024-01-25) the OpenAnolis is restricted.

Bugs

Status

Branch	Status
upstream	released (6.9-rc1) [dfd2bf436709b2bccb78c2dda550dde93700efa7]
6.18-upstream-stable
6.17-upstream-stable
6.12-upstream-stable
6.6-upstream-stable
6.1-upstream-stable	released (6.1.84) [9477cfeb300823461b44223a7d5fac26a31df4fe]
5.10-upstream-stable	needed
sid	released (6.8.9-1)
6.12-trixie-security
6.1-bookworm-security	released (6.1.85-1)
5.10-bullseye-security	needed