CVE-2024-57929: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57929 affects the Linux kernel's device mapper (dm) array subsystem. The vulnerability was discovered in the dmarraycursor_end function where a faulty array block could be released twice. This issue was identified and fixed in December 2024, with patches being integrated into various Linux kernel versions (Kernel Git).

The vulnerability occurs when dmbmreadlock() fails due to locking or checksum errors. In such cases, it releases the faulty block implicitly while leaving an invalid output pointer behind. The dmarraycursor incorrectly caches this invalid pointer when reading a faulty array block, which leads to a double release in dmarraycursorend(), ultimately triggering a BUGON in dm-bufio cacheput(). The issue stems from improper handling of error conditions in the array cursor API implementation (Kernel Git).

When exploited, this vulnerability can cause a kernel panic due to the double release of memory blocks, leading to system instability and potential denial of service conditions. The issue specifically affects systems using the device mapper's array functionality (NVD).

The issue has been fixed by modifying the error handling in the dmarraycursor_end function to properly set cached block pointers to NULL on errors. The fix has been incorporated into multiple Linux kernel versions and is available through distribution updates. Debian has addressed this in version 6.1.128-1 (Debian Security).