cve-2024-50270
Vulnerability from cvelistv5
Published
2024-11-19 01:30
Modified
2024-12-19 09:36
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input() damon_feed_loop_next_input() is inefficient and fragile to overflows. Specifically, 'score_goal_diff_bp' calculation can overflow when 'score' is high. The calculation is actually unnecessary at all because 'goal' is a constant of value 10,000. Calculation of 'compensation' is again fragile to overflow. Final calculation of return value for under-achiving case is again fragile to overflow when the current score is under-achieving the target. Add two corner cases handling at the beginning of the function to make the body easier to read, and rewrite the body of the function to avoid overflows and the unnecessary bp value calcuation.
Impacted products
Vendor Product Version
Linux Linux Version: 6.8
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2d339a1f0f16ff5dea58e612ff336f0be0d041e9",
              "status": "affected",
              "version": "9294a037c01564786abb15436529fae3863268a2",
              "versionType": "git"
            },
            {
              "lessThan": "4401e9d10ab0281a520b9f8c220f30f60b5c248f",
              "status": "affected",
              "version": "9294a037c01564786abb15436529fae3863268a2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: avoid overflow in damon_feed_loop_next_input()\n\ndamon_feed_loop_next_input() is inefficient and fragile to overflows. \nSpecifically, \u0027score_goal_diff_bp\u0027 calculation can overflow when \u0027score\u0027\nis high.  The calculation is actually unnecessary at all because \u0027goal\u0027 is\na constant of value 10,000.  Calculation of \u0027compensation\u0027 is again\nfragile to overflow.  Final calculation of return value for under-achiving\ncase is again fragile to overflow when the current score is\nunder-achieving the target.\n\nAdd two corner cases handling at the beginning of the function to make the\nbody easier to read, and rewrite the body of the function to avoid\noverflows and the unnecessary bp value calcuation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:36:58.860Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2d339a1f0f16ff5dea58e612ff336f0be0d041e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/4401e9d10ab0281a520b9f8c220f30f60b5c248f"
        }
      ],
      "title": "mm/damon/core: avoid overflow in damon_feed_loop_next_input()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50270",
    "datePublished": "2024-11-19T01:30:08.406Z",
    "dateReserved": "2024-10-21T19:36:19.982Z",
    "dateUpdated": "2024-12-19T09:36:58.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50270\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T02:16:29.033\",\"lastModified\":\"2024-11-26T22:38:18.377\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/damon/core: avoid overflow in damon_feed_loop_next_input()\\n\\ndamon_feed_loop_next_input() is inefficient and fragile to overflows. \\nSpecifically, \u0027score_goal_diff_bp\u0027 calculation can overflow when \u0027score\u0027\\nis high.  The calculation is actually unnecessary at all because \u0027goal\u0027 is\\na constant of value 10,000.  Calculation of \u0027compensation\u0027 is again\\nfragile to overflow.  Final calculation of return value for under-achiving\\ncase is again fragile to overflow when the current score is\\nunder-achieving the target.\\n\\nAdd two corner cases handling at the beginning of the function to make the\\nbody easier to read, and rewrite the body of the function to avoid\\noverflows and the unnecessary bp value calcuation.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/core: evitar desbordamientos en damon_feed_loop_next_input() damon_feed_loop_next_input() es ineficiente y fr\u00e1gil a desbordamientos. Espec\u00edficamente, el c\u00e1lculo de \u0027score_goal_diff_bp\u0027 puede desbordarse cuando \u0027score\u0027 es alto. El c\u00e1lculo es realmente innecesario en absoluto porque \u0027goal\u0027 es una constante de valor 10,000. El c\u00e1lculo de \u0027compensaci\u00f3n\u0027 es nuevamente fr\u00e1gil a desbordamientos. El c\u00e1lculo final del valor de retorno para el caso de bajo rendimiento es nuevamente fr\u00e1gil a desbordamientos cuando el puntaje actual no alcanza el objetivo. Agregue dos casos extremos de manejo al comienzo de la funci\u00f3n para hacer que el cuerpo sea m\u00e1s f\u00e1cil de leer y reescriba el cuerpo de la funci\u00f3n para evitar desbordamientos y el c\u00e1lculo innecesario del valor bp.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.11.8\",\"matchCriteriaId\":\"24AB354E-701F-4D6C-8B18-A0BBA5C21C30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2d339a1f0f16ff5dea58e612ff336f0be0d041e9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4401e9d10ab0281a520b9f8c220f30f60b5c248f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.