CVE-2024-42102

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

NVD
RedHat

In the Linux kernel, the following vulnerability has been resolved:

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Patch series "mm: Avoid possible overflows in dirty throttling".

Dirty throttling logic assumes dirty limits in page units fit into
32-bits. This patch series makes sure this is true (see patch 2/2 for
more details).

This patch (of 2):

This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.

The commit is broken in several ways. Firstly, the removed (u64) cast
from the multiplication will introduce a multiplication overflow on 32-bit
archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the
default settings with 4GB of RAM will trigger this). Secondly, the
div64_u64() is unnecessarily expensive on 32-bit archs. We have
div64_ul() in case we want to be safe & cheap. Thirdly, if dirty
thresholds are larger than 1<<32 pages, then dirty balancing is going to
blow up in many other spectacular ways anyway so trying to fix one
possible overflow is just moot.

A vulnerability was found in the wb_dirty_limits() function in the Linux kernel, where a removed (u64) cast in the dtc->wb_thresh * dtc->bg_thresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.7

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-29 CVE Reserved
2024-07-30 CVE Published
2024-08-22 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-369: Divide By Zero

CAPEC

References (18)

URL	Tag	Source
https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e	Vuln. Introduced
https://git.kernel.org/stable/c/1f12e4b3284d6c863f272eb2de0d4248ed211cf4	Vuln. Introduced
https://git.kernel.org/stable/c/81e7d2530d458548b90a5c5e76b77ad5e5d1c0df	Vuln. Introduced
https://git.kernel.org/stable/c/5099871b370335809c0fd1abad74d9c7c205d43f	Vuln. Introduced
https://git.kernel.org/stable/c/16b1025eaa8fc223ab4273ece20d1c3a4211a95d	Vuln. Introduced
https://git.kernel.org/stable/c/ec18ec230301583395576915d274b407743d8f6c	Vuln. Introduced
https://git.kernel.org/stable/c/9319b647902cbd5cc884ac08a8a6d54ce111fc78	Vuln. Introduced
https://git.kernel.org/stable/c/65977bed167a92e87085e757fffa5798f7314c9f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a	2024-07-18
https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807	2024-07-18
https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c	2024-07-18
https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59	2024-07-18
https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00	2024-07-11
https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d	2024-07-11
https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec	2024-07-11
https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63	2024-07-03

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42102	2024-09-11
https://bugzilla.redhat.com/show_bug.cgi?id=2301465	2024-09-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.307 < 4.19.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.307 < 4.19.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.269 < 5.4.280 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.269 < 5.4.280"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.210 < 5.10.222 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.210 < 5.10.222"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.149 < 5.15.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.149 < 5.15.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.79 < 6.1.98 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.79 < 6.1.98"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.18 < 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.18 < 6.6.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.9.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.6 Search vendor "Linux" for product "Linux Kernel" and version "6.7.6"		en		Affected