In the Linux kernel, the following vulnerability has been resolved:
sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It
was possible to have pick_eevdf() return NULL, which then causes a
NULL-deref. This turned out to be due to entity_eligible() returning
falsely negative because of a s64 multiplcation overflow. Specifically,
reweight_eevdf() computes the vlag without considering the limit placed
upon vlag as update_entity_lag() does, and then the scaling multiplication
(remember that weight is 20bit fixed point) can overflow. This then leads
to the new vruntime being weird which then causes the above
entity_eligible() to go side-ways and claim nothing is eligible. Thus limit
the range of vlag accordingly. All this was quite rare, but fatal when it
does happen.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/1560d1f6eb6b398bddd80c16676776c0325fe5fe (6.9-rc6)
git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c
git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe
git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb
launchpad.net/bugs/cve/CVE-2024-35985
nvd.nist.gov/vuln/detail/CVE-2024-35985
security-tracker.debian.org/tracker/CVE-2024-35985
www.cve.org/CVERecord?id=CVE-2024-35985