In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: avoid overflow in damon_feed_loop_next_input()
damon_feed_loop_next_input() is inefficient and fragile to overflows.
Specifically, 'score_goal_diff_bp' calculation can overflow when 'score'
is high. The calculation is actually unnecessary at all because 'goal' is
a constant of value 10,000. Calculation of 'compensation' is again
fragile to overflow. Final calculation of return value for under-achiving
case is again fragile to overflow when the current score is
under-achieving the target.
Add two corner cases handling at the beginning of the function to make the
body easier to read, and rewrite the body of the function to avoid
overflows and the unnecessary bp value calcuation.
References
Configurations
Configuration 1 (hide)
|
History
26 Nov 2024, 22:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | () https://git.kernel.org/stable/c/2d339a1f0f16ff5dea58e612ff336f0be0d041e9 - Patch | |
References | () https://git.kernel.org/stable/c/4401e9d10ab0281a520b9f8c220f30f60b5c248f - Patch | |
First Time |
Linux
Linux linux Kernel |
|
CWE | CWE-190 |
19 Nov 2024, 21:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Nov 2024, 02:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-19 02:16
Updated : 2024-11-26 22:38
NVD link : CVE-2024-50270
Mitre link : CVE-2024-50270
CVE.ORG link : CVE-2024-50270
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-190
Integer Overflow or Wraparound