CVE-2024-45023
📋 TL;DR
A race condition in Linux kernel's RAID1 implementation can cause data corruption when reading from degraded arrays with slow disks. This vulnerability allows reading unrecovered data from disks still undergoing recovery, potentially returning stale or incorrect data. Systems using Linux software RAID1 with mixed-speed disks in degraded state are affected.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Critical data corruption leading to filesystem damage, application crashes, or data loss from reading incorrect data during degraded RAID1 operations.
Likely Case
Intermittent data corruption during read operations when RAID1 arrays are degraded and contain disks with different performance characteristics.
If Mitigated
Minimal impact if RAID arrays are healthy, properly monitored, and degraded states are promptly addressed.
🎯 Exploit Status
Exploitation requires local access and specific RAID configuration conditions. This is a race condition rather than a direct security bypass.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 2febf5fdbf5d9a52ddc3e986971c8609b1582d67 and c916ca35308d3187c9928664f9be249b22a3a701
Vendor Advisory: https://git.kernel.org/stable/c/2febf5fdbf5d9a52ddc3e986971c8609b1582d67
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version and that mdraid module loads correctly.
🔧 Temporary Workarounds
Avoid degraded RAID1 arrays
linuxMaintain RAID1 arrays in healthy state and promptly replace failed disks
mdadm --detail /dev/mdX
cat /proc/mdstat
Use homogeneous disk speeds
linuxEnsure all disks in RAID1 arrays have similar performance characteristics
🧯 If You Can't Patch
- Monitor RAID arrays closely and immediately address any degraded states
- Implement regular data integrity checks and backups for critical data on RAID1 arrays
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if using software RAID1: uname -r && cat /proc/mdstatCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fixes: grep -q '2febf5fdbf5d9a52ddc3e986971c8609b1582d67\|c916ca35308d3187c9928664f9be249b22a3a701' /proc/version_signature || echo 'Check kernel source'📡 Detection & Monitoring
Log Indicators:
- Kernel messages about RAID degradation
- mdraid error messages in dmesg
- Filesystem corruption errors
Network Indicators:
- None - this is a local storage vulnerability
SIEM Query:
source="kernel" AND ("mdraid" OR "RAID1") AND ("degraded" OR "error" OR "corruption")