CVE-2024-42316

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42316
In the Linux kernel, the following vulnerability has been resolved: mm/mglru: fix div-by-zero in vmpressure_calc_level() evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation. The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails. The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2b Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios().

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef Patch
https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d Patch
https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895 Patch
https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

22 Aug 2024, 15:52

Type Values Removed Values Added
First Time Linux
Linux linux Kernel
CWE CWE-369
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef - () https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef - Patch
References () https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d - () https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d - Patch
References () https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895 - () https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895 - Patch
References () https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04 - () https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04 - Patch

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mglru: corrige div-by-zero en vmpression_calc_level() evict_folios() utiliza una segunda pasada para recuperar las publicaciones que han pasado por la reescritura de páginas y quedan limpias antes de finalizar el primer pase, ya que folio_rotate_reclaimable() no puede manejar esos folios debido al aislamiento. El segundo paso intenta evitar un posible doble conteo deduciendo scan_control->nr_scanned. Sin embargo, esto puede resultar en un desbordamiento insuficiente de nr_scanned, bajo una condición en la que Shrink_folio_list() no incrementa nr_scanned, es decir, cuando falla folio_trylock(). El desbordamiento insuficiente puede causar que el divisor, es decir, escala=escaneado+reclamado en vmpression_calc_level(), se convierta en cero, lo que resulta en el siguiente bloqueo: [excepción RIP: vmpression_work_fn+101] Process_one_work en ffffffffa3313f2b Dado que scan_control->nr_scanned no tiene una semántica establecida, la posible doble contabilización tiene riesgos mínimos. Por lo tanto, solucione el problema no deduciendo scan_control->nr_scanned en evict_folios().

17 Aug 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-17 09:15

Updated : 2024-08-22 15:52

NVD link : CVE-2024-42316

Mitre link : CVE-2024-42316

CVE.ORG link : CVE-2024-42316

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-369

Divide By Zero


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024