CVE-2024-35985
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of a s64 multiplcation overflow.
Specifically, reweight_eevdf() computes the vlag without considering the limit placed upon vlag as update_entity_lag() does, and then the scaling multiplication (remember that weight is 20bit fixed point) can overflow. This then leads to the new vruntime being weird which then causes the above entity_eligible() to go side-ways and claim nothing is eligible.
Thus limit the range of vlag accordingly.
All this was quite rare, but fatal when it does happen.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 14204acc09f652169baed1141c671429047b1313 < 470d347b14b0ecffa9b39cf8f644fa2351db3efb | affected |
| Linux | Linux | eab03c23c2a162085b13200d7942fc5a00b5ccc8 < 06f27e6d7bf0abf54488259ef36bbf0e1fccb35c | affected |
| Linux | Linux | eab03c23c2a162085b13200d7942fc5a00b5ccc8 < 1560d1f6eb6b398bddd80c16676776c0325fe5fe | affected |
| Linux | Linux | 6.6.4 < 6.6.30 | affected |
| Linux | Linux | 6.7 | affected |
| Linux | Linux | 0 < 6.7 | unaffected |
| Linux | Linux | 6.6.30 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.9 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb
- https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c
- https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb
- https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c
- https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.