CVE-2024-42102

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a", "name": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807", "name": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c", "name": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59", "name": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00", "name": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d", "name": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec", "name": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63", "name": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe & cheap. Thirdly, if dirty\nthresholds are larger than 1<<32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-369"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-42102", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}}, "publishedDate": "2024-07-30T08:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.15.149"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.8"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.6.18"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.98", "versionStartIncluding": "6.1.79"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.10.210"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.4.280", "versionStartIncluding": "5.4.269"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.19.318", "versionStartIncluding": "4.19.307"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-09-19T20:38Z"}