Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input() damon_feed_loop_next_input() is inefficient and fragile to overflows. Specifically, 'score_goal_diff_bp' calculation can overflow when 'score' is high. The calculation is actually unnecessary at all because 'goal' is a constant of value 10,000. Calculation of 'compensation' is again fragile to overflow. Final calculation of return value for under-achiving case is again fragile to overflow when the current score is under-achieving the target. Add two corner cases handling at the beginning of the function to make the body easier to read, and rewrite the body of the function to avoid overflows and the unnecessary bp value calcuation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.8, < 6.11.8 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/2d339a1f0f16ff5dea58e612ff336f0be0d041e9Patch
- https://git.kernel.org/stable/c/4401e9d10ab0281a520b9f8c220f30f60b5c248fPatch
FAQ
What is CVE-2024-50270?
CVE-2024-50270 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input() damon_feed_loop_next_input() is inefficient and fragile to overflows...
How severe is CVE-2024-50270?
CVE-2024-50270 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50270?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.