{"id":"CVE-2024-35974","summary":"block: fix q-\u003eblkg_list corruption during disk rebind","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix q-\u003eblkg_list corruption during disk rebind\n\nMultiple gendisk instances can allocated/added for single request queue\nin case of disk rebind. blkg may still stay in q-\u003eblkg_list when calling\nblkcg_init_disk() for rebind, then q-\u003eblkg_list becomes corrupted.\n\nFix the list corruption issue by:\n\n- add blkg_init_queue() to initialize q-\u003eblkg_list & q-\u003eblkcg_mutex only\n- move calling blkg_init_queue() into blk_alloc_queue()\n\nThe list corruption should be started since commit f1c006f1c685 (\"blk-cgroup:\nsynchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()\")\nwhich delays removing blkg from q-\u003eblkg_list into blkg_free_workfn().","modified":"2026-03-20T12:36:46.118747Z","published":"2024-05-20T09:42:01.114Z","related":["SUSE-SU-2024:2135-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20249-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35974.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/083b58373463a6e5ee60ecb135269348f68ad7df"},{"type":"WEB","url":"https://git.kernel.org/stable/c/740ffad95ca8033bd6e080ed337655b13b4d38ac"},{"type":"WEB","url":"https://git.kernel.org/stable/c/858c489d81d659af17a4d11cfaad2afb42e47a76"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8b8ace080319a866f5dfe9da8e665ae51d971c54"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5dae1cd0d8368b4338430ff93403df67f0b8bcc"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35974.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35974"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"81c1188905f88b77743d1fdeeedfc8cb7b67787d"},{"fixed":"b5dae1cd0d8368b4338430ff93403df67f0b8bcc"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bfe46d2efe46c5c952f982e2ca94fe2ec5e58e2a"},{"fixed":"083b58373463a6e5ee60ecb135269348f68ad7df"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1059699f87eb0b3aa9d574b91a572d534897134a"},{"fixed":"740ffad95ca8033bd6e080ed337655b13b4d38ac"},{"fixed":"858c489d81d659af17a4d11cfaad2afb42e47a76"},{"fixed":"8b8ace080319a866f5dfe9da8e665ae51d971c54"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35974.json"}}],"schema_version":"1.7.5"}