GHSA-572c-4f8h-65c4

Опубликовано: 27 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved:

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior.

This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer.

In the Linux kernel, the following vulnerability has been resolved:

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior.

This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer.

Ссылки

EPSS

Процентиль: 17%

0.00055

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2024-58017

Дефекты

CWE-190

Связанные уязвимости

CVE-2024-58017

CVSS3: 5.5

ubuntu

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer.