6.5

CVE-2024-36916

EPSS 0.14%
Veröffentlicht 30.05.2024 16:15:14
Zuletzt bearbeitet 21.11.2024 09:22:48
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

blk-iocost: avoid out of bounds shift

UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures.

[  186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S          E    N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
Call Trace:
 <IRQ>
 dump_stack_lvl+0x8f/0xe0
 __ubsan_handle_shift_out_of_bounds+0x22c/0x280
 iocg_kick_delay+0x30b/0x310
 ioc_timer_fn+0x2fb/0x1f80
 __run_timer_base+0x1b6/0x250
...

Avoid that undefined behavior by simply taking the
"delay = 0" branch if the shift is too large.

I am not sure what the symptoms of an undefined value
delay will be, but I suspect it could be more than a
little annoying to debug.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 62accf6c1d7b433752cb3591bba8967b7a801ad5

Version 5160a5a53c0c4ae3708959d9465ea43ad5d90542

Status affected

Version < 844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1

Version 5160a5a53c0c4ae3708959d9465ea43ad5d90542

Status affected

Version < f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca

Version 5160a5a53c0c4ae3708959d9465ea43ad5d90542

Status affected

Version < ce0e99cae00e3131872936713b7f55eefd53ab86

Version 5160a5a53c0c4ae3708959d9465ea43ad5d90542

Status affected

Version < 488dc6808cb8369685f18cee81e88e7052ac153b

Version 5160a5a53c0c4ae3708959d9465ea43ad5d90542

Status affected

Version < beaa51b36012fad5a4d3c18b88a617aea7a9b96d

Version 5160a5a53c0c4ae3708959d9465ea43ad5d90542

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.10

Status affected

Version < 5.10

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.217

Status unaffected

Version <= 5.15.*

Version 5.15.159

Status unaffected

Version <= 6.1.*

Version 6.1.91

Status unaffected

Version <= 6.6.*

Version 6.6.31

Status unaffected

Version <= 6.8.*

Version 6.8.10

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.348

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b

https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5

https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1

https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d

https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86

https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca

https://security.netapp.com/advisory/ntap-20240905-0006/

https://nvd.nist.gov/vuln/detail/CVE-2024-36916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36916

EUVD