CVE-2024-35827

2024-05-1700:00:00

ubuntu.com

linux kernel

io_uring/net

vulnerability

fixed

overflow check

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The
“controllen” variable is type size_t (unsigned long). Casting it to int
could lead to an integer underflow. The check_add_overflow() function
considers the type of the destination which is type int. If we add two
positive values and the result cannot fit in an integer then that’s counted
as an overflow. However, if we cast “controllen” to an int and it turns
negative, then negative values can fit into an int type so there is no
overflow. Good: 100 + (unsigned long)-4 = 96 <– overflow Bad: 100 +
(int)-4 = 96 <– no overflow I deleted the cast of the sizeof() as well.
That’s not a bug but the cast is unnecessary.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< 6.8.0-35.35UNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1009.9UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-azure< anyUNKNOWN
ubuntu24.04noarchlinux-azure< 6.8.0-1008.8UNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-gcp< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< 6.8.0-1008.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< 6.8.0-35.35	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< 6.8.0-1009.9	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< 6.8.0-1008.8	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-gcp	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< 6.8.0-1008.9	UNKNOWN