CVE-2024-42102

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into
32-bits. This patch series makes sure this is true (see patch 2/2 for
more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast
from the multiplication will introduce a multiplication overflow on 32-bit
archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the
default settings with 4GB of RAM will trigger this). Secondly, the
div64_u64() is unnecessarily expensive on 32-bit archs. We have
div64_ul() in case we want to be safe & cheap. Thirdly, if dirty
thresholds are larger than 1<<32 pages, then dirty balancing is going to
blow up in many other spectacular ways anyway so trying to fix one
possible overflow is just moot.

A vulnerability was found in the wb_dirty_limits() function in the Linux kernel, where a removed (u64) cast in the dtc->wb_thresh * dtc->bg_thresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues.

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-29 CVE Reserved
2024-07-30 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-369: Divide By Zero

CAPEC

References (18)

URL	Tag	Source
https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e	Vuln. Introduced
https://git.kernel.org/stable/c/1f12e4b3284d6c863f272eb2de0d4248ed211cf4	Vuln. Introduced
https://git.kernel.org/stable/c/81e7d2530d458548b90a5c5e76b77ad5e5d1c0df	Vuln. Introduced
https://git.kernel.org/stable/c/5099871b370335809c0fd1abad74d9c7c205d43f	Vuln. Introduced
https://git.kernel.org/stable/c/16b1025eaa8fc223ab4273ece20d1c3a4211a95d	Vuln. Introduced
https://git.kernel.org/stable/c/ec18ec230301583395576915d274b407743d8f6c	Vuln. Introduced
https://git.kernel.org/stable/c/9319b647902cbd5cc884ac08a8a6d54ce111fc78	Vuln. Introduced
https://git.kernel.org/stable/c/65977bed167a92e87085e757fffa5798f7314c9f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a	2024-07-18
https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807	2024-07-18
https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c	2024-07-18
https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59	2024-07-18
https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00	2024-07-11
https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d	2024-07-11
https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec	2024-07-11
https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63	2024-07-03

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42102	2024-09-11
https://bugzilla.redhat.com/show_bug.cgi?id=2301465	2024-09-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.307 < 4.19.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.307 < 4.19.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.269 < 5.4.280 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.269 < 5.4.280"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.210 < 5.10.222 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.210 < 5.10.222"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.149 < 5.15.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.149 < 5.15.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.79 < 6.1.98 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.79 < 6.1.98"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.18 < 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.18 < 6.6.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.9.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.6 Search vendor "Linux" for product "Linux Kernel" and version "6.7.6"		en		Affected