Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.19.307, < 4.19.318 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ecPatch
- https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942cPatch
- https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807Patch
- https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1aPatch
- https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59Patch
- https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63Patch
- https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00Patch
- https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9dPatch
- https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ecPatch
- https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942cPatch
- https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807Patch
- https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1aPatch
- https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59Patch
- https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63Patch
- https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00Patch
FAQ
What is CVE-2024-42102?
CVE-2024-42102 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty...
How severe is CVE-2024-42102?
CVE-2024-42102 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-42102?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.