Linux Kernel Device Mapper Zone Management Vulnerability

A vulnerability in the Linux kernel's device mapper related to zone management has been addressed. The issue arose because the function 'dm_revalidate_zones()' only permitted new or previously unzoned devices to call 'blk_revalidate_disk_zones()'. For devices that were already zoned, the function would return without making any updates, leading to a mismatch between the device's zoned settings and the new table. This discrepancy could cause errors, particularly for devices with zone write plug resources, by reading invalid memory. Although 'blk_revalidate_disk_zones()' typically updates zoned settings correctly, it could inadvertently overwrite or clear the 'nr_zones' value, requiring the device mapper to restore the previous value to maintain consistency. The vulnerability could be exploited by manipulating the zoned settings of a device with allocated zone write plug resources, potentially causing errors during zone management operations.

Impact

The vulnerability could lead to incorrect zone management for devices, causing errors in zone-related operations and potentially disrupting data integrity during disk operations.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this vulnerability has been fixed.