Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-42131

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-30 Jul, 2024 | 07:46
Updated At-04 May, 2025 | 09:23
Rejected At-
Credits

mm: avoid overflows in dirty throttling logic

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:30 Jul, 2024 | 07:46
Updated At:04 May, 2025 | 09:23
Rejected At:
▼CVE Numbering Authority (CNA)
mm: avoid overflows in dirty throttling logic

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • mm/page-writeback.c
Default Status
unaffected
Versions
Affected
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2b2d2b8766db028bd827af34075f221ae9e9efff (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 4d3817b64eda07491bdd86a234629fe0764fb42a (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7a49389771ae7666f4dc3426e2a4594bf23ae290 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before a25e8536184516b55ef89ab91dd2eea429de28d2 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before c83ed422c24f0d4b264f89291d4fabe285f80dbc (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before bd16a7ee339aef3ee4c90cb23902afb6af379ea0 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 8e0b5e7f2895eccef5c2a0018b589266f90c4805 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 385d838df280eba6c8680f9777bfa0d0bfe7e8b2 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • mm/page-writeback.c
Default Status
affected
Versions
Unaffected
  • From 4.19.320 through 4.19.* (semver)
  • From 5.4.282 through 5.4.* (semver)
  • From 5.10.222 through 5.10.* (semver)
  • From 5.15.163 through 5.15.* (semver)
  • From 6.1.98 through 6.1.* (semver)
  • From 6.6.39 through 6.6.* (semver)
  • From 6.9.9 through 6.9.* (semver)
  • From 6.10 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff
N/A
https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a
N/A
https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
N/A
https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
N/A
https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
N/A
https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
N/A
https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
N/A
https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
N/A
Hyperlink: https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
x_transferred
https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
x_transferred
https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
x_transferred
https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
x_transferred
https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
x_transferred
https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
x_transferred
Hyperlink: https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
Resource:
x_transferred
Hyperlink: https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:30 Jul, 2024 | 08:15
Updated At:25 Sep, 2024 | 14:45

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions before 4.19.320(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.20(inclusive) to 5.4.282(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.5(inclusive) to 5.10.222(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.11(inclusive) to 5.15.163(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 6.1.98(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.39(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.9.9(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.10
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.10
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.10
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.10
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.10
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.10
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/4d3817b64eda07491bdd86a234629fe0764fb42a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

253Records found
CVE-2022-21762
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 17:41
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt9638mt9636mt6873mt6893mt6891androidmt6885mt6875mt9666mt6889mt6877mt6853mt6883MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9666
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10726
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 13:04
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

Action-Not Available
Vendor-dpdk[UNKNOWN]openSUSEOracle CorporationFedora Project
Product-enterprise_communications_brokerfedoradata_plane_development_kitleapdpdk
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-9104
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-09 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxopenSUSE
Product-debian_linuxleapqemun/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found