
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-57875 is a vulnerability in the Linux kernel related to disk zone management. The issue involves potential invalid memory references during disk revalidation when changing the conventional zones bitmap of a disk while using the disk_zone_is_conv() helper function. This vulnerability was discovered and resolved in January 2024 (NVD, Debian Tracker).
The vulnerability stems from improper protection of the disk->conv_zones_bitmap pointer during disk revalidation processes. The fix implements RCU (Read-Copy-Update) protection for the disk->conv_zones_bitmap pointer, modifying disk_zone_is_conv() to operate under RCU read lock. A new function disk_set_conv_zones_bitmap() was added to update the disk conv_zones_bitmap pointer using rcu_replace_pointer() while holding the disk zone_wplugs_lock spinlock (Kernel Commit).
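The pattern behind the fix, as an added userspace model that is not the kernel's code: a reader counter stands in for the RCU read-side section and grace period, a pthread mutex stands in for zone_wplugs_lock, and every model_ name is hypothetical. The old bitmap is freed only after no reader can still hold a pointer to it.

```c
/* Userspace model (added example, not kernel code): a reader counter stands in
 * for RCU's read lock and grace period. All model_ names are hypothetical. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

#define BITS (8 * sizeof(unsigned long))

struct model_disk {
    _Atomic(unsigned long *) conv_zones_bitmap; /* NULL: no conventional zones */
    atomic_int readers;                         /* stand-in for RCU read-side sections */
    pthread_mutex_t lock;                       /* stand-in for zone_wplugs_lock */
    unsigned int nr_zones;
};

/* Reader: load and dereference the pointer only inside the read-side section. */
bool model_zone_is_conv(struct model_disk *d, unsigned int zno)
{
    bool conv = false;
    atomic_fetch_add(&d->readers, 1);                 /* ~ rcu_read_lock() */
    unsigned long *bm = atomic_load(&d->conv_zones_bitmap);
    if (bm && zno < d->nr_zones)
        conv = (bm[zno / BITS] >> (zno % BITS)) & 1UL;
    atomic_fetch_sub(&d->readers, 1);                 /* ~ rcu_read_unlock() */
    return conv;
}

/* Updater: publish the new bitmap, wait for readers, then free the old one. */
void model_set_conv_zones_bitmap(struct model_disk *d, unsigned long *bitmap)
{
    pthread_mutex_lock(&d->lock);
    unsigned long *old = atomic_exchange(&d->conv_zones_bitmap, bitmap);
    pthread_mutex_unlock(&d->lock);
    while (atomic_load(&d->readers) != 0)             /* ~ wait for a grace period */
        ;
    free(old);
}

/* Build a bitmap marking zones [0, nr_conv) as conventional (constructed input). */
unsigned long *model_make_bitmap(unsigned int nr_zones, unsigned int nr_conv)
{
    unsigned long *bm = calloc((nr_zones + BITS - 1) / BITS, sizeof(*bm));
    for (unsigned int z = 0; bm && z < nr_conv; z++)
        bm[z / BITS] |= 1UL << (z % BITS);
    return bm;
}
```

Without the read-side section and the deferred free, a reader that loaded the old pointer just before a revalidation swapped it would dereference freed memory, which is the invalid memory reference the CVE describes.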
The vulnerability could lead to invalid memory references in the Linux kernel when performing disk revalidation operations that modify the conventional zones bitmap. This could potentially affect system stability and security in systems using zoned storage devices (NVD).
The issue has been fixed in Linux kernel version 6.12.17-1 and later. The fix involves implementing RCU protection for the disk->conv_zones_bitmap pointer and modifying related functions to ensure proper synchronization. Users should upgrade to the patched versions to mitigate this vulnerability (Debian Tracker).
Source: This report was generated using AI