

CVE-2025-38708

Description

In the Linux kernel, the following vulnerability has been resolved:

drbd: add missing kref_get in handle_write_conflicts

With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed.

In handling "superseded" writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes with symptoms.

Relevance: No one should use DRBD as a random data generator, and apparently all users of "two-primaries" handle concurrent writes correctly on layer up. That is, cluster file systems use some distributed lock manager, and live migration in virtualization environments stops writes on one node before starting writes on the other node.

Which means that other than for "test cases", this code path is never taken in real life.

FYI, in DRBD 9, things are handled differently nowadays. We still detect "write conflicts", but no longer try to be smart about them. We decided to disconnect hard instead: upper layers must not submit concurrent writes. If they do, that's their fault.

POC

Reference

No PoCs from references.

Github

- https://github.com/w4zu/Debian_security