ghsa-3cf4-3gwv-8jwp
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
Patch series "mm: Avoid possible overflows in dirty throttling".
Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details).
This patch (of 2):
This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.
The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.
{ "affected": [], "aliases": [ "CVE-2024-42102" ], "database_specific": { "cwe_ids": [ "CWE-369" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-07-30T08:15:02Z", "severity": "MODERATE" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe \u0026 cheap. Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.", "id": "GHSA-3cf4-3gwv-8jwp", "modified": "2024-08-21T21:30:45Z", "published": "2024-07-30T09:31:51Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42102" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.