The Linux kernel development team has recently addressed two significant vulnerabilities affecting various versions of the Linux operating system.
These security issues, discovered in the kernel’s handling of NVMe multipath (CVE-2024-53093) and RDMA/siw (CVE-2024-53094) functionality, have been patched to prevent potential system instabilities and security risks.
The first vulnerability, identified in the NVMe multipath functionality, could lead to a deadlock situation under certain conditions.
The issue stemmed from partition scanning occurring within the controller’s scan_work context, potentially causing a deadlock if a path error occurred.
While the second vulnerability affected the RDMA/siw (Software iWARP) driver, which is used for RDMA communications over TCP/IP.
Here the issue arose when running iSCSI Extensions for RDMA (iSER) over SIW, causing warnings about slab page usage in send_page operations.
However, besides this, researchers at Linux kernel development team observed that both the vulnerabilities (CVE-2024-53093 & CVE-2024-53094) were marked as significant since they affected the kernel’s handling of NVMe multipath and RDMA/siw functionality.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Technical Analysis
To resolve the first vulnerability (CVE-2024-53093), identified in the NVMe multipath functionality, the developers have implemented a fix to defer partition scanning to a different context that does not block scan_work. This change ensures smoother operation of NVMe multipath systems and prevents potential system hangs.
Besides this, to fix the second vulnerability (CVE-2024-53094) that affected the RDMA/siw (Software iWARP) driver, the developers have added a sendpage_ok() check within the driver. If this check returns 0, the MSG_SPLICE_PAGES flag is now disabled before entering the network stack, preventing potential issues with skb_splice_from_iter().
These vulnerabilities affected multiple versions of the Linux kernel, including some long-term support (LTS) releases. The patches have been backported to affected stable kernel versions.
For the NVMe multipath issue:
- Kernels from 6.1.118 through 6.1.*
- Kernels from 6.6.62 through 6.6.*
- Kernels from 6.11.9 through 6.11.*
- Kernels from 6.12 onwards
For the RDMA/siw issue:
- Kernels from 6.6.62 through 6.6.*
- Kernels from 6.11.9 through 6.11.*
- Kernels from 6.12 onwards
Users and system administrators are strongly advised to update their Linux kernels to the latest patched versions to mitigate these vulnerabilities.
The fixes are available through standard kernel update channels and distribution-specific package managers.
Regular updates and prompt attention to discovered vulnerabilities continue to be crucial for maintaining the integrity and performance of Linux-based systems.
Are you from SOC/DFIR Teams? – Analyse Malware & Phishing with ANY.RUN -> Try for Free