CVE-2024-42102

MEDIUM EPSS 16.9%
Published Jul 30, 20241y ago · Modified Jun 17, 20262w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Jul 30, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
16.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-369

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.19.307  –  <4.19.318
linuxlinux_kernel*≥5.4.269  –  <5.4.280
linuxlinux_kernel*≥5.10.210  –  <5.10.222
linuxlinux_kernel*≥5.15.149  –  <5.15.163
linuxlinux_kernel*≥6.1.79  –  <6.1.98
linuxlinux_kernel*≥6.6.18  –  <6.6.39
linuxlinux_kernel*≥6.8  –  <6.9.9

References 9

  • git.kernel.org https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d
    Patch