CVE-2024-50270: mm/damon/core: avoid overflow in damon_feed_loop_next_input()

First published: Tue Nov 19 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input() damon_feed_loop_next_input() is inefficient and fragile to overflows. Specifically, 'score_goal_diff_bp' calculation can overflow when 'score' is high. The calculation is actually unnecessary at all because 'goal' is a constant of value 10,000. Calculation of 'compensation' is again fragile to overflow. Final calculation of return value for under-achiving case is again fragile to overflow when the current score is under-achieving the target. Add two corner cases handling at the beginning of the function to make the body easier to read, and rewrite the body of the function to avoid overflows and the unnecessary bp value calcuation.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/title
• agent/references
• agent/type
• agent/description
• agent/first-publish-date
• agent/author
• agent/event
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/weakness
• agent/severity
• agent/remedy
• agent/softwarecombine
• agent/tags
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/source
• vendor/linux
• canonical/linux linux kernel
• version/linux linux kernel/6.8
• version/linux linux kernel/6.12-rc1
• version/linux linux kernel/6.12-rc2
• version/linux linux kernel/6.12-rc3
• version/linux linux kernel/6.12-rc4
• version/linux linux kernel/6.12-rc5
• version/linux linux kernel/6.12-rc6