CVE-2024-49933: blk_iocost: fix more out of bound shifts
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... Call Trace: <IRQ> dump_stack_lvl+0xca/0x130 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720 __run_timer_base+0x519/0x700 ... Actual impact of this issue was not identified but I propose to fix the undefined behaviour. The proposed fix to prevent those out of bound shifts consist of precalculating exponent before using it the shift operations by taking min value from the actual exponent and maximum possible number of bits.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <5.10.227 | |
| Linux Linux kernel | >=5.11<5.15.168 | |
| Linux Linux kernel | >=5.16<6.1.113 | |
| Linux Linux kernel | >=6.2<6.6.55 | |
| Linux Linux kernel | >=6.7<6.10.14 | |
| Linux Linux kernel | >=6.11<6.11.3 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1ab2cfe19700fb3dde4c7dfec392acff34db3120
- https://git.kernel.org/stable/c/1b120f151871eb47ce9f283c007af3f8ae1d990e
- https://git.kernel.org/stable/c/1f61d509257d6a05763d05bf37943b35306522b1
- https://git.kernel.org/stable/c/364022095bdd4108efdaaa68576afa4712a5d085
- https://git.kernel.org/stable/c/59121bb38fdc01434ea3fe361ee02b59f036227f
- https://git.kernel.org/stable/c/9bce8005ec0dcb23a58300e8522fe4a31da606fa
- https://git.kernel.org/stable/c/f4ef9bef023d5c543cb0f3194ecacfd47ef590ec
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49933
- https://nvd.nist.gov/vuln/detail/CVE-2024-49933
- https://launchpad.net/bugs/cve/CVE-2024-49933
- https://security-tracker.debian.org/tracker/CVE-2024-49933
- https://ubuntu.com/security/CVE-2024-49933
- https://git.kernel.org/linus/9bce8005ec0dcb23a58300e8522fe4a31da606fa
- agent/title
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/author
- agent/references
- collector/nvd-cve
- agent/softwarecombine
- agent/trending
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- version/linux linux kernel/6.2
- version/linux linux kernel/6.7
- version/linux linux kernel/6.11
- package-manager/debian