Описание
A vulnerability was found in the wb_dirty_limits() function in the Linux kernel memory management (mm) subsystem which can lead to a divide-by-zero error. This issue could lead to a potential kernel crash.
Отчет
This vulnerability is rated as moderate because the conditions necessary to exploit it and cause a potential denial of service (DoS) would require specific conditions to manipulate the wb_dirty_limits() function in the context of global writeback operations.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:7001 | 24.09.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:7000 | 24.09.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:6206 | 03.09.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:6567 | 11.09.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:6567 | 11.09.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel | Fixed | RHSA-2024:4533 | 15.07.2024 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)
Уязвимость компонента writeback ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
5.5 Medium
CVSS3