4.7
MEDIUM
CVE-2024-42102
"KernelLinux Divide By Zero Vulnerability"
Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Patch series "mm: Avoid possible overflows in dirty throttling".

Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details).

This patch (of 2):

This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

INFO

Published Date: July 30, 2024, 8:15 a.m.
Last Modified: Sept. 19, 2024, 8:38 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.0

Affected Products

The following products are affected by the CVE-2024-42102 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel

The following table lists the changes that have been made to the CVE-2024-42102 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Reanalysis by [email protected]

    Sep. 19, 2024

    Action Type Old Value New Value
    Removed CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CVSS V3.1 NIST AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Initial Analysis by [email protected]

    Aug. 21, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec No Types Assigned https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec Patch
    Changed Reference Type https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c No Types Assigned https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c Patch
    Changed Reference Type https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 No Types Assigned https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 Patch
    Changed Reference Type https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a No Types Assigned https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a Patch
    Changed Reference Type https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59 No Types Assigned https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59 Patch
    Changed Reference Type https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63 No Types Assigned https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63 Patch
    Changed Reference Type https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00 No Types Assigned https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00 Patch
    Changed Reference Type https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d No Types Assigned https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d Patch
    Added CWE NIST CWE-369
    Added CPE Configuration OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.307 up to (excluding) 4.19.318
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.269 up to (excluding) 5.4.280
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.210 up to (excluding) 5.10.222
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.149 up to (excluding) 5.15.163
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.79 up to (excluding) 6.1.98
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.18 up to (excluding) 6.6.39
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8 up to (excluding) 6.9.9
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 30, 2024

    Action Type Old Value New Value
    Added Description (same text as the Description section above)
    Added Reference kernel.org https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63 [No types assigned]
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-42102 is associated with the following CWE: CWE-369 (Divide By Zero).

CVSS 3.1 - Vulnerability Scoring System
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High