GHSA-66CW-5J4X-3R2W
Vulnerability from github – Published: 2024-09-11 18:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix error recovery leading to data corruption on ESE devices
Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing.
The dasd_ese_needs_format function checks for error codes that signal the non existence of a proper track format.
The check for incorrect length is to imprecise since other error cases leading to transport of insufficient data also have this flag set. This might lead to data corruption in certain error cases for example during a storage server warmstart.
Fix by removing the check for incorrect length and replacing by explicitly checking for invalid track format in transport mode.
Also remove the check for file protected since this is not a valid ESE handling case.
{
"affected": [],
"aliases": [
"CVE-2024-45026"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-11T16:15:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.",
"id": "GHSA-66cw-5j4x-3r2w",
"modified": "2025-11-04T00:31:23Z",
"published": "2024-09-11T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45026"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.