{ "threat_severity" : "Moderate", "public_date" : "2024-07-30T00:00:00Z", "bugzilla" : { "description" : "kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"", "id" : "2301465", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2301465" }, "cvss3" : { "cvss3_base_score" : "4.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-369", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\nThis patch (of 2):\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe & cheap. Thirdly, if dirty\nthresholds are larger than 1<<32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.", "A vulnerability was found in the wb_dirty_limits() function in the Linux kernel, where a removed (u64) cast in the dtc->wb_thresh * dtc->bg_thresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues." ], "statement" : "Red Hat rates this as Moderate severity with an Attack Complexity rating of High, given that an attacker needs to be able to create enough dirty data (data not yet written to disk) in memory to cause the multiplication overflow, something which is more likely to be effective on systems with just 4GB of RAM, and would require the attacker to have this information about a given system when targeting their attack for a higher likelihood of success.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-09-11T00:00:00Z", "advisory" : "RHSA-2024:6567", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.35.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-09-11T00:00:00Z", "advisory" : "RHSA-2024:6567", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.35.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-09-04T00:00:00Z", "advisory" : "RHSA-2024:6267", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.82.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-09-04T00:00:00Z", "advisory" : "RHSA-2024:6268", "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-42102\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42102\nhttps://lore.kernel.org/linux-cve-announce/2024073019-CVE-2024-42102-bcee@gregkh/T" ], "name" : "CVE-2024-42102", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }