CVE-2024-39476: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-39476 is a vulnerability in the Linux kernel's md/raid5 implementation that was discovered in July 2024. The issue affects the raid5d() function, which can enter a deadlock condition when waiting for itself to clear the MDSBCHANGE_PENDING flag (NVD).

The vulnerability stems from a problematic dependency in the raid5d() implementation where: 1) mdcheckrecovery() from raid5d() must hold 'reconfigmutex' to clear MDSBCHANGEPENDING, 2) raid5d() handles IO in a deadloop until all IO are issued, and 3) IO from raid5d() must wait for MDSBCHANGE_PENDING to be cleared. This behavior was introduced before Linux kernel version 2.6. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a deadlock condition where raid5d() will consume 100% CPU in a deadloop if another context holds the 'reconfigmutex' and mdcheckrecovery() cannot update the superblock. This continues until the 'reconfig_mutex' is released (Kernel Patch).

The issue has been fixed by modifying the raid5d() implementation to skip IO issuing if MDSBCHANGEPENDING is still set after mdcheckrecovery(). The daemon thread will be woken up when 'reconfigmutex' is released. This solution was implemented by referring to the implementation from raid1 and raid10 (Kernel Patch).