CVE-2024-35983

bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS bits_per() rounds up to the next power of two when passed a power of
two. This causes crashes on some machines and configurations.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: límites: utilice el número correcto de bits para potencia de dos CONFIG_NR_CPUS bits_per() redondea a la siguiente potencia de dos cuando se pasa una potencia de dos. Esto provoca fallos en algunas máquinas y configuraciones.

A vulnerability was found in the Linux kernel related to the improper handling of power-of-two values for `CONFIG_NR_CPUS`. The `bits_per()` function incorrectly rounds up to the next power of two when given a power of two, causing crashes on certain systems.

In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-20 CVE Published
2024-12-19 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/d6077e0d38b4953c863d0db4a5b3f41d21e0d546	Vuln. Introduced
https://git.kernel.org/stable/c/83a2275f9d3230c761014b1467888b1ef469be74	Vuln. Introduced
https://git.kernel.org/stable/c/d2a7a81088c6abe778b0a93a7eeb79487a943818	Vuln. Introduced
https://git.kernel.org/stable/c/428ca0000f0abd5c99354c52a36becf2b815ca21	Vuln. Introduced
https://git.kernel.org/stable/c/b46c822f8b555b9513df44047b0e72c06720df62	Vuln. Introduced
https://git.kernel.org/stable/c/cf778fff03be1ee88c49b72959650147573c3301	Vuln. Introduced
https://git.kernel.org/stable/c/b2e1b090a590d41abe647eadb6bf2a5dc47b63ab	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d34a516f2635090d36a306f84573e8de3d7374ce	2024-05-02
https://git.kernel.org/stable/c/66297b2ceda841f809637731d287bda3a93b49d8	2024-05-02
https://git.kernel.org/stable/c/93ba36238db6a74a82feb3dc476e25ea424ad630	2024-05-02
https://git.kernel.org/stable/c/9b7c5004d7c5ae062134052a85290869a015814c	2024-05-02
https://git.kernel.org/stable/c/15aa09d6d84629eb5296de30ac0aa19a33512f16	2024-05-02
https://git.kernel.org/stable/c/ebfe41889b762f1933c6762f6624b9724a25bee0	2024-05-02
https://git.kernel.org/stable/c/5af385f5f4cddf908f663974847a4083b2ff2c79	2024-04-29

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-35983	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2281863	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.274 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.274 < 5.4.275"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.215 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.215 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.154 < 5.15.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.154 < 5.15.158"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.84 < 6.1.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.84 < 6.1.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.24 < 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.24 < 6.6.30"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8.3 < 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8.3 < 6.8.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.12 Search vendor "Linux" for product "Linux Kernel" and version "6.7.12"		en		Affected