CVE-2024-45026

s390/dasd: fix error recovery leading to data corruption on ESE devices

Description

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_format function checks for error codes that signal the non existence of a proper track format. The check for incorrect length is to imprecise since other error cases leading to transport of insufficient data also have this flag set. This might lead to data corruption in certain error cases for example during a storage server warmstart. Fix by removing the check for incorrect length and replacing by explicitly checking for invalid track format in transport mode. Also remove the check for file protected since this is not a valid ESE handling case.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8 patch
https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118 patch
https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a patch
https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246 patch
https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd patch
https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc patch
https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b patch

Frequently Asked Questions

What is the severity of CVE-2024-45026?
CVE-2024-45026 has been scored as a high severity vulnerability.
How to fix CVE-2024-45026?
To fix CVE-2024-45026, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-45026 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-45026 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-45026?
CVE-2024-45026 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.