Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2024-49933

Description

In the Linux kernel, the following vulnerability has been resolved:blk_iocost: fix more out of bound shiftsRecently running UBSAN caught few out of bound shifts in theioc_forgive_debts() function:UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned longlong')...UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned longlong')...Call Trace:dump_stack_lvl+0xca/0x130__ubsan_handle_shift_out_of_bounds+0x22c/0x280? __lock_acquire+0x6441/0x7c10ioc_timer_fn+0x6cec/0x7750? blk_iocost_init+0x720/0x720? call_timer_fn+0x5d/0x470call_timer_fn+0xfa/0x470? blk_iocost_init+0x720/0x720__run_timer_base+0x519/0x700...Actual impact of this issue was not identified but I propose to fix theundefined behaviour.The proposed fix to prevent those out of bound shifts consist ofprecalculating exponent before using it the shift operations by takingmin value from the actual exponent and maximum possible number of bits.

POC

Reference

No PoCs from references.

Github

- https://github.com/w4zu/Debian_security