Количество 16
Количество 16
CVE-2024-26720
In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)
CVE-2024-26720
A vulnerability was found in the wb_dirty_limits() function in the Linux kernel memory management (mm) subsystem which can lead to a divide-by-zero error. This issue could lead to a potential kernel crash.
CVE-2024-26720
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-wcqp-hrg4-jgjg
In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)
BDU:2024-08680
Уязвимость компонента writeback ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20241021-09
Множественные уязвимости kernel-lt
RLSA-2024:6567
Moderate: kernel security update
ELSA-2024-6567
ELSA-2024-6567: kernel security update (MODERATE)
SUSE-SU-2024:2381-1
Security update for the Linux Kernel
ELSA-2024-7000
ELSA-2024-7000: kernel security update (IMPORTANT)
RLSA-2024:7000
Important: kernel security update
SUSE-SU-2024:2360-1
Security update for the Linux Kernel
SUSE-SU-2024:2561-1
Security update for the Linux Kernel
SUSE-SU-2024:2394-1
Security update for the Linux Kernel
SUSE-SU-2024:2372-1
Security update for the Linux Kernel
SUSE-SU-2024:2939-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-26720 In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32) | около 1 года назад | ||
 | CVE-2024-26720 A vulnerability was found in the wb_dirty_limits() function in the Linux kernel memory management (mm) subsystem which can lead to a divide-by-zero error. This issue could lead to a potential kernel crash. | CVSS3: 5.5 | около 1 года назад | |
 | CVE-2024-26720 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | около 1 года назад | ||
| GHSA-wcqp-hrg4-jgjg In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32) | около 1 года назад | ||
 | BDU:2024-08680 Уязвимость компонента writeback ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.5 | больше 1 года назад | |
 | ROS-20241021-09 Множественные уязвимости kernel-lt | CVSS3: 8.8 | 8 месяцев назад | |
 | RLSA-2024:6567 Moderate: kernel security update | 9 месяцев назад | ||
| ELSA-2024-6567 ELSA-2024-6567: kernel security update (MODERATE) | 9 месяцев назад | ||
 | SUSE-SU-2024:2381-1 Security update for the Linux Kernel | 11 месяцев назад | ||
| ELSA-2024-7000 ELSA-2024-7000: kernel security update (IMPORTANT) | 9 месяцев назад | ||
| RLSA-2024:7000 Important: kernel security update | около 1 месяца назад | ||
| SUSE-SU-2024:2360-1 Security update for the Linux Kernel | 12 месяцев назад | ||
| SUSE-SU-2024:2561-1 Security update for the Linux Kernel | 11 месяцев назад | ||
| SUSE-SU-2024:2394-1 Security update for the Linux Kernel | 11 месяцев назад | ||
| SUSE-SU-2024:2372-1 Security update for the Linux Kernel | 11 месяцев назад | ||
| SUSE-SU-2024:2939-1 Security update for the Linux Kernel | 10 месяцев назад |
Уязвимостей на страницу