CVE-2024-23307: 
Linux Kernel vulnerability analysis and mitigation

Integer Overflow or Wraparound vulnerability (CVE-2024-23307) was discovered in the Linux kernel's software RAID driver, affecting x86 and ARM architectures specifically in the md, raid, and raid5 modules. The vulnerability was discovered by Gui-Dong Han and was first reported on January 15, 2024. The issue affects Linux kernel versions from 4.1 up to versions before 6.1.84, 6.6.24, 6.7.12, and 6.8.3 (NVD).

The vulnerability stems from a race condition in the raid5_cache_count() function where concurrent execution with raid5_set_cache_size() can lead to inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes values. The current check 'if (conf->max_nr_stripes < conf->min_nr_stripes)' is ineffective as values could change immediately after being checked, potentially causing an integer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) by NIST, with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, OpenAnolis Bug).

The vulnerability requires write access to the sysfs raid5 stripe cache size options to exploit. If successfully exploited, a privileged attacker could potentially cause a denial of service condition through a system crash (Ubuntu).

A fix has been developed that introduces local variables 'min_stripes' and 'max_stripes' in raid5_cache_count() to ensure the values remain stable throughout the check. The patch has been submitted upstream and is being integrated into various Linux distributions. Multiple distributions have released fixed versions, including Ubuntu 22.04 LTS (5.15.0-116.126), Ubuntu 20.04 LTS (5.4.0-189.209), and Ubuntu 18.04 LTS (4.15.0-226.238) (OpenAnolis Bug, Ubuntu).