cve-2024-42131
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2024-12-19 09:13
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efffPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbcPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbcPatch
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.385Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:25.346003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:36.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b2d2b8766db028bd827af34075f221ae9e9efff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4d3817b64eda07491bdd86a234629fe0764fb42a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7a49389771ae7666f4dc3426e2a4594bf23ae290",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a25e8536184516b55ef89ab91dd2eea429de28d2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c83ed422c24f0d4b264f89291d4fabe285f80dbc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bd16a7ee339aef3ee4c90cb23902afb6af379ea0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8e0b5e7f2895eccef5c2a0018b589266f90c4805",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "385d838df280eba6c8680f9777bfa0d0bfe7e8b2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid overflows in dirty throttling logic\n\nThe dirty throttling logic is interspersed with assumptions that dirty\nlimits in PAGE_SIZE units fit into 32-bit (so that various multiplications\nfit into 64-bits).  If limits end up being larger, we will hit overflows,\npossible divisions by 0 etc.  Fix these problems by never allowing so\nlarge dirty limits as they have dubious practical value anyway.  For\ndirty_bytes / dirty_background_bytes interfaces we can just refuse to set\nso large limits.  For dirty_ratio / dirty_background_ratio it isn\u0027t so\nsimple as the dirty limit is computed from the amount of available memory\nwhich can change due to memory hotplug etc.  So when converting dirty\nlimits from ratios to numbers of pages, we just don\u0027t allow the result to\nexceed UINT_MAX.\n\nThis is root-only triggerable problem which occurs when the operator\nsets dirty limits to \u003e16 TB."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:13:43.864Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290"
        },
        {
          "url": "https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805"
        },
        {
          "url": "https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2"
        }
      ],
      "title": "mm: avoid overflows in dirty throttling logic",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42131",
    "datePublished": "2024-07-30T07:46:26.872Z",
    "dateReserved": "2024-07-29T15:50:41.186Z",
    "dateUpdated": "2024-12-19T09:13:43.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42131\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-30T08:15:05.130\",\"lastModified\":\"2024-11-21T09:33:40.053\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm: avoid overflows in dirty throttling logic\\n\\nThe dirty throttling logic is interspersed with assumptions that dirty\\nlimits in PAGE_SIZE units fit into 32-bit (so that various multiplications\\nfit into 64-bits).  If limits end up being larger, we will hit overflows,\\npossible divisions by 0 etc.  Fix these problems by never allowing so\\nlarge dirty limits as they have dubious practical value anyway.  For\\ndirty_bytes / dirty_background_bytes interfaces we can just refuse to set\\nso large limits.  For dirty_ratio / dirty_background_ratio it isn\u0027t so\\nsimple as the dirty limit is computed from the amount of available memory\\nwhich can change due to memory hotplug etc.  So when converting dirty\\nlimits from ratios to numbers of pages, we just don\u0027t allow the result to\\nexceed UINT_MAX.\\n\\nThis is root-only triggerable problem which occurs when the operator\\nsets dirty limits to \u003e16 TB.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: evitar desbordamientos en la l\u00f3gica de limitaci\u00f3n sucia La l\u00f3gica de limitaci\u00f3n sucia se entremezcla con suposiciones de que los l\u00edmites sucios en unidades PAGE_SIZE caben en 32 bits (de modo que varias multiplicaciones caben en 64 bits) . Si los l\u00edmites terminan siendo mayores, tendremos desbordamientos, posibles divisiones entre 0, etc. Solucione estos problemas nunca permitiendo l\u00edmites sucios tan grandes, ya que de todos modos tienen un valor pr\u00e1ctico dudoso. Para las interfaces dirty_bytes/dirty_background_bytes podemos simplemente negarnos a establecer l\u00edmites tan grandes. Para dirty_ratio / dirty_background_ratio no es tan simple ya que el l\u00edmite sucio se calcula a partir de la cantidad de memoria disponible que puede cambiar debido a la conexi\u00f3n en caliente de la memoria, etc. Entonces, al convertir l\u00edmites sucios de proporciones a n\u00fameros de p\u00e1ginas, simplemente no permitimos el el resultado excede UINT_MAX. Este es un problema que se puede activar solo desde la ra\u00edz y que ocurre cuando el operador establece l\u00edmites sucios en \u0026gt;16 TB.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.19.320\",\"matchCriteriaId\":\"0B4EF915-550B-45E5-B2CA-648FEACD60FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.282\",\"matchCriteriaId\":\"A8961D98-9ACF-4188-BA88-44038B14BC28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.222\",\"matchCriteriaId\":\"00696AC5-EE29-437F-97F9-C4D66608B327\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.163\",\"matchCriteriaId\":\"A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.98\",\"matchCriteriaId\":\"E09E92A5-27EF-40E4-926A-B1CDC8270551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.39\",\"matchCriteriaId\":\"29E894E4-668F-4DB0-81F7-4FB5F698E970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.9\",\"matchCriteriaId\":\"ADCC1407-0CB3-4C8F-B4C5-07F682CD7085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C2F14-12C7-45D5-893D-8C52EE38EA10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3173713D-909A-4DD3-9DD4-1E171EB057EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"79F18AFA-40F7-43F0-BA30-7BDB65F918B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD973AA4-A789-49BD-8D57-B2846935D3C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F3E9E0C-AC3E-4967-AF80-6483E8AB0078\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.