U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-42102 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec CVE, kernel.org Patch 
https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c CVE, kernel.org Patch 
https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a CVE, kernel.org Patch 
https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d CVE, kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-369 Divide By Zero cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-42102
NVD Published Date:
07/30/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org