CVE-2024-49933

Summary

In the Linux kernel, the following vulnerability has been resolved:

blk_iocost: fix more out of bound shifts

Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function:

UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') … UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') … Call Trace: <IRQ> dump_stack_lvl+0xca/0x130 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720 __run_timer_base+0x519/0x700 …

Actual impact of this issue was not identified but I propose to fix the undefined behaviour. The proposed fix to prevent those out of bound shifts consist of precalculating exponent before using it the shift operations by taking min value from the actual exponent and maximum possible number of bits.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < 1f61d509257d6a05763d05bf37943b35306522b1affected
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < f4ef9bef023d5c543cb0f3194ecacfd47ef590ecaffected
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < 59121bb38fdc01434ea3fe361ee02b59f036227faffected
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < 1ab2cfe19700fb3dde4c7dfec392acff34db3120affected
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < 1b120f151871eb47ce9f283c007af3f8ae1d990eaffected
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < 364022095bdd4108efdaaa68576afa4712a5d085affected
LinuxLinuxbec02dbbafad534674309f8b948094900f456797 < 9bce8005ec0dcb23a58300e8522fe4a31da606faaffected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References