{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26671","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.150Z","datePublished":"2024-04-02T06:49:13.834Z","dateUpdated":"2026-05-11T20:01:56.325Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:01:56.325Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can't get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in < 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n       \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n        \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["block/blk-mq.c"],"versions":[{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"9525b38180e2753f0daa1a522b7767a2aa969676","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"7610ba1319253225a9ba8a9d28d472fc883b4e2f","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"89e0e66682e1538aeeaa3109503473663cd24c8b","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"1d9c777d3e70bdc57dddf7a14a80059d65919e56","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"6d8b01624a2540336a32be91f25187a433af53a0","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"f1bc0d8163f8ee84a8d5affdf624cfad657df1d2","status":"affected","versionType":"git"},{"version":"da55f2cc78418dee88400aafbbaed19d7ac8188e","lessThan":"5266caaf5660529e3da53004b8b7174cab6374ed","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["block/blk-mq.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"4.19.307","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.269","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.210","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.77","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.16","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.4","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"4.19.307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.4.269"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.15.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.1.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.6.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.7.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"},{"url":"https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"},{"url":"https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"},{"url":"https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"},{"url":"https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"},{"url":"https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"},{"url":"https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"},{"url":"https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"}],"title":"blk-mq: fix IO hang from sbitmap wakeup race","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:12.464Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26671","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:53:32.693372Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:37.992Z"}}]},"dataVersion":"5.2"}