CVE-2024-49933

CVE Details

Release Date:

2024-10-21

Description

In the Linux kernel, the following vulnerability has been resolved:\nblk_iocost: fix more out of bound shifts\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nCall Trace:\n\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits.

See more information about CVE-2024-49933 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.5
Vector String:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality:	None
Integrity:	None
Availability:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12887	2024-12-18
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12887	2024-12-18