CVE-2024-50270
Vulnerability from cvelistv5
Published
2024-11-19 01:30
Modified
2024-12-19 09:36
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: avoid overflow in damon_feed_loop_next_input()
damon_feed_loop_next_input() is inefficient and fragile to overflows.
Specifically, 'score_goal_diff_bp' calculation can overflow when 'score'
is high. The calculation is actually unnecessary at all because 'goal' is
a constant of value 10,000. Calculation of 'compensation' is again
fragile to overflow. Final calculation of return value for under-achiving
case is again fragile to overflow when the current score is
under-achieving the target.
Add two corner cases handling at the beginning of the function to make the
body easier to read, and rewrite the body of the function to avoid
overflows and the unnecessary bp value calcuation.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "mm/damon/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2d339a1f0f16ff5dea58e612ff336f0be0d041e9", "status": "affected", "version": "9294a037c01564786abb15436529fae3863268a2", "versionType": "git" }, { "lessThan": "4401e9d10ab0281a520b9f8c220f30f60b5c248f", "status": "affected", "version": "9294a037c01564786abb15436529fae3863268a2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "mm/damon/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.8" }, { "lessThan": "6.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: avoid overflow in damon_feed_loop_next_input()\n\ndamon_feed_loop_next_input() is inefficient and fragile to overflows. \nSpecifically, \u0027score_goal_diff_bp\u0027 calculation can overflow when \u0027score\u0027\nis high. The calculation is actually unnecessary at all because \u0027goal\u0027 is\na constant of value 10,000. Calculation of \u0027compensation\u0027 is again\nfragile to overflow. Final calculation of return value for under-achiving\ncase is again fragile to overflow when the current score is\nunder-achieving the target.\n\nAdd two corner cases handling at the beginning of the function to make the\nbody easier to read, and rewrite the body of the function to avoid\noverflows and the unnecessary bp value calcuation." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:36:58.860Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2d339a1f0f16ff5dea58e612ff336f0be0d041e9" }, { "url": "https://git.kernel.org/stable/c/4401e9d10ab0281a520b9f8c220f30f60b5c248f" } ], "title": "mm/damon/core: avoid overflow in damon_feed_loop_next_input()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50270", "datePublished": "2024-11-19T01:30:08.406Z", "dateReserved": "2024-10-21T19:36:19.982Z", "dateUpdated": "2024-12-19T09:36:58.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50270\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T02:16:29.033\",\"lastModified\":\"2024-11-26T22:38:18.377\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/damon/core: avoid overflow in damon_feed_loop_next_input()\\n\\ndamon_feed_loop_next_input() is inefficient and fragile to overflows. \\nSpecifically, \u0027score_goal_diff_bp\u0027 calculation can overflow when \u0027score\u0027\\nis high. The calculation is actually unnecessary at all because \u0027goal\u0027 is\\na constant of value 10,000. Calculation of \u0027compensation\u0027 is again\\nfragile to overflow. Final calculation of return value for under-achiving\\ncase is again fragile to overflow when the current score is\\nunder-achieving the target.\\n\\nAdd two corner cases handling at the beginning of the function to make the\\nbody easier to read, and rewrite the body of the function to avoid\\noverflows and the unnecessary bp value calcuation.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/core: evitar desbordamientos en damon_feed_loop_next_input() damon_feed_loop_next_input() es ineficiente y fr\u00e1gil a desbordamientos. Espec\u00edficamente, el c\u00e1lculo de \u0027score_goal_diff_bp\u0027 puede desbordarse cuando \u0027score\u0027 es alto. El c\u00e1lculo es realmente innecesario en absoluto porque \u0027goal\u0027 es una constante de valor 10,000. El c\u00e1lculo de \u0027compensaci\u00f3n\u0027 es nuevamente fr\u00e1gil a desbordamientos. El c\u00e1lculo final del valor de retorno para el caso de bajo rendimiento es nuevamente fr\u00e1gil a desbordamientos cuando el puntaje actual no alcanza el objetivo. Agregue dos casos extremos de manejo al comienzo de la funci\u00f3n para hacer que el cuerpo sea m\u00e1s f\u00e1cil de leer y reescriba el cuerpo de la funci\u00f3n para evitar desbordamientos y el c\u00e1lculo innecesario del valor bp.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.11.8\",\"matchCriteriaId\":\"24AB354E-701F-4D6C-8B18-A0BBA5C21C30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2d339a1f0f16ff5dea58e612ff336f0be0d041e9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4401e9d10ab0281a520b9f8c220f30f60b5c248f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.