CVE-2024-36916
blk-iocost: avoid out of bounds shift
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
Call Trace: <IRQ> dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250
... Avoid that undefined behavior by simply taking the
"delay = 0" branch if the shift is too large. I am not sure what the symptoms of an undefined value
delay will be, but I suspect it could be more than a
little annoying to debug.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk-iocost: evita cambios fuera de los límites UBSAN detecta un comportamiento indefinido en blk-iocost, donde a veces iocg->delay se desplaza hacia la derecha en un número demasiado grande, lo que resulta en un estado indefinido. comportamiento en algunas arquitecturas. [186.556576] ------------[ cortar aquí ]------------ UBSAN: desplazamiento fuera de los límites en block/blk-iocost.c:1366 :23 exponente de desplazamiento 64 es demasiado grande para el tipo de 64 bits 'u64' (también conocido como 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: GSEN 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Nombre de hardware: Quanta Twin Lakes MP/Twin Lakes MP pasivo, BIOS F09_3A23 08/12/2020 Seguimiento de llamadas: dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x 1f80 __run_timer_base+0x1b6/0x250 ... Evitar ese comportamiento indefinido simplemente tomando la rama "retraso = 0" si el cambio es demasiado grande. No estoy seguro de cuáles serán los síntomas de un retraso de valor indefinido, pero sospecho que podría ser más que molesto depurarlo.
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: <IRQ> dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the "delay = 0" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/7caa47151ab2e644dd221f741ec7578d9532c9a3 | Vuln. Introduced | |
| https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.10.217 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.217" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.15.159" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.1.91" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.6.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.8.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.9" | en |
Affected
| ||||||