CVE-2024-42131: mm: avoid overflows in dirty throttling logic
First published: Tue Jul 30 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.10.222 | 5.10.222 |
| redhat/kernel | <5.15.163 | 5.15.163 |
| redhat/kernel | <6.1.98 | 6.1.98 |
| redhat/kernel | <6.6.39 | 6.6.39 |
| redhat/kernel | <6.9.9 | 6.9.9 |
| redhat/kernel | <6.10 | 6.10 |
| Linux Kernel | <4.19.320 | |
| Linux Kernel | >=4.20<5.4.282 | |
| Linux Kernel | >=5.5<5.10.222 | |
| Linux Kernel | >=5.11<5.15.163 | |
| Linux Kernel | >=5.16<6.1.98 | |
| Linux Kernel | >=6.2<6.6.39 | |
| Linux Kernel | >=6.7<6.9.9 | |
| Linux Kernel | =6.10-rc1 | |
| Linux Kernel | =6.10-rc2 | |
| Linux Kernel | =6.10-rc3 | |
| Linux Kernel | =6.10-rc4 | |
| Linux Kernel | =6.10-rc5 | |
| Linux Kernel | =6.10-rc6 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42131-2f7f@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2301812
- https://access.redhat.com/errata/RHSA-2024:6268
- https://access.redhat.com/errata/RHSA-2024:6267
- https://access.redhat.com/errata/RHSA-2024:6567
- https://access.redhat.com/errata/RHSA-2024:7001
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/show_bug.cgi?id=2301496
- https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff
- https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a
- https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
- https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
- https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
- https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
- https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
- https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131
- https://nvd.nist.gov/vuln/detail/CVE-2024-42131
- https://launchpad.net/bugs/cve/CVE-2024-42131
- https://security-tracker.debian.org/tracker/CVE-2024-42131
- https://ubuntu.com/security/CVE-2024-42131
- https://git.kernel.org/linus/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-42131?
The severity of CVE-2024-42131 is classified as medium.
How do I fix CVE-2024-42131?
You can fix CVE-2024-42131 by upgrading to kernel versions 5.10.222 or later, 5.15.163 or later, 6.1.98 or later, or 6.6.39 or later.
What systems are affected by CVE-2024-42131?
CVE-2024-42131 affects various versions of the Linux kernel from versions prior to 5.10.222 up to 6.10.
Is CVE-2024-42131 being actively exploited?
As of now, there are no publicly reported exploits associated with CVE-2024-42131.
What are the potential impacts of CVE-2024-42131 if left unpatched?
If left unpatched, CVE-2024-42131 could potentially lead to system instability or performance issues due to flaws in the dirty throttling logic.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-42131
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/trending
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.10-rc1
- version/linux kernel/6.10-rc2
- version/linux kernel/6.10-rc3
- version/linux kernel/6.10-rc4
- version/linux kernel/6.10-rc5
- version/linux kernel/6.10-rc6
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2