Package: linux-image-6.13.1+debian+tj
Followup-For: Bug #1086175
X-Debbugs-Cc: tj.iam...@proton.me
Thank-you for the link to the mail-list bug report Alessandro. That has
resulted in a very recent mainline patch in the current v6.15
development cycle that likely fixes the bug:
commit 8542870237c3a48ff049b6c5df5f50c8728284fa
Author: Yu Kuai <yuku...@huawei.com>
Date: Thu Feb 20 20:43:48 2025 +0800
md: fix mddev uaf while iterating all_mddevs list
While iterating all_mddevs list from md_notify_reboot() and md_exit(),
list_for_each_entry_safe is used, and this can race with deletint the
next mddev, causing UAF:
...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md/md.c?id=8542870237c3a48ff049b6c5df5f50c8728284fa
Since this is a race condition it makes some sense that it rarely
affects spinning disks but does affect virtual disks on SSDs and SSDs
themselves since flushing buffers to device before closing will take
longer in most cases.
Are you able to build and test the current mainline kernel master branch
to verify this patch will fix the bug?
If verified we can:
1) check if the patch or a slightly modified version can be applied to
v6.1
2) suggest to upstream the patch should be backported to the LTS/stable
trees.
If (2) happens Debian will automatically benefit.
If you're unable to build a kernel there are a couple of alternatives:
a) I can build it and share it with you, or
b) Test it using an Ubuntu mainline kernel build [0] of v6.15-rc* release
candidates once they are published.
[0] https://kernel.ubuntu.com/mainline/?C=N;O=D
