CVE-2024-58017

Summary

In the Linux kernel, the following vulnerability has been resolved:

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior.

This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < 54c14022fa2ba427dc543455c2cf9225903a7174affected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < dfb7b179741ee09506dc7719d92f9e1cea01f10eaffected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < bb8ff054e19fe27f4e5eaac1b05e462894cfe9b1affected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < 9a6d43844de2479a3ff8d674c3e2a16172e01598affected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < 4acf6bab775dbd22a9a799030a808a7305e01d63affected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < 404e5fd918a0b14abec06c7eca128f04c9b98e41affected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < 4a2c4e7265b8eed83c25d86d702cea06493cab18affected
LinuxLinuxe6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e < 3d6f83df8ff2d5de84b50377e4f0d45e25311c7aaffected
LinuxLinux55b2c1ccb82143be1ed9e1922976dbe63917fe68affected
LinuxLinux089d475a4cdb5848998b3cb37e545413ed054784affected
LinuxLinux695583334b6b7f82c39ee124edfbfa48145ed571affected
LinuxLinux3404019d6d0f4c0108b77d44e97e2e39ca937e6faffected
LinuxLinux4.4.203 < 4.5affected
LinuxLinux4.9.203 < 4.10affected
LinuxLinux4.14.156 < 4.15affected
LinuxLinux4.19.86 < 4.20affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.78 <= 6.6.*unaffected
LinuxLinux6.12.14 <= 6.12.*unaffected
LinuxLinux6.13.3 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References