CVE-2024-35983

bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

bits_per() rounds up to the next power of two when passed a power of
two. This causes crashes on some machines and configurations.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: límites: utilice el número correcto de bits para potencia de dos CONFIG_NR_CPUS bits_per() redondea a la siguiente potencia de dos cuando se pasa una potencia de dos. Esto provoca fallos en algunas máquinas y configuraciones.

A vulnerability was found in the Linux kernel related to the improper handling of power-of-two values for `CONFIG_NR_CPUS`. The `bits_per()` function incorrectly rounds up to the next power of two when given a power of two, causing crashes on certain systems.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-20 CVE Published
2024-05-21 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/d6077e0d38b4953c863d0db4a5b3f41d21e0d546	Vuln. Introduced
https://git.kernel.org/stable/c/83a2275f9d3230c761014b1467888b1ef469be74	Vuln. Introduced
https://git.kernel.org/stable/c/d2a7a81088c6abe778b0a93a7eeb79487a943818	Vuln. Introduced
https://git.kernel.org/stable/c/428ca0000f0abd5c99354c52a36becf2b815ca21	Vuln. Introduced
https://git.kernel.org/stable/c/b46c822f8b555b9513df44047b0e72c06720df62	Vuln. Introduced
https://git.kernel.org/stable/c/cf778fff03be1ee88c49b72959650147573c3301	Vuln. Introduced
https://git.kernel.org/stable/c/b2e1b090a590d41abe647eadb6bf2a5dc47b63ab	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d34a516f2635090d36a306f84573e8de3d7374ce	2024-05-02
https://git.kernel.org/stable/c/66297b2ceda841f809637731d287bda3a93b49d8	2024-05-02
https://git.kernel.org/stable/c/93ba36238db6a74a82feb3dc476e25ea424ad630	2024-05-02
https://git.kernel.org/stable/c/9b7c5004d7c5ae062134052a85290869a015814c	2024-05-02
https://git.kernel.org/stable/c/15aa09d6d84629eb5296de30ac0aa19a33512f16	2024-05-02
https://git.kernel.org/stable/c/ebfe41889b762f1933c6762f6624b9724a25bee0	2024-05-02
https://git.kernel.org/stable/c/5af385f5f4cddf908f663974847a4083b2ff2c79	2024-04-29

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-35983	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2281863	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.274 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.274 < 5.4.275"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.215 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.215 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.154 < 5.15.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.154 < 5.15.158"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.84 < 6.1.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.84 < 6.1.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.24 < 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.24 < 6.6.30"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8.3 < 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8.3 < 6.8.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.12 Search vendor "Linux" for product "Linux Kernel" and version "6.7.12"		en		Affected