Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2024-42131
HistoryJul 30, 2024 - 8:15 a.m.

CVE-2024-42131

2024-07-3008:15:05
Google
osv.dev
4
linux kernel
vulnerability
dirty throttling
overflow
memory limit

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mm: avoid overflows in dirty throttling logic

The dirty throttling logic is interspersed with assumptions that dirty
limits in PAGE_SIZE units fit into 32-bit (so that various multiplications
fit into 64-bits). If limits end up being larger, we will hit overflows,
possible divisions by 0 etc. Fix these problems by never allowing so
large dirty limits as they have dubious practical value anyway. For
dirty_bytes / dirty_background_bytes interfaces we can just refuse to set
so large limits. For dirty_ratio / dirty_background_ratio it isn’t so
simple as the dirty limit is computed from the amount of available memory
which can change due to memory hotplug etc. So when converting dirty
limits from ratios to numbers of pages, we just don’t allow the result to
exceed UINT_MAX.

This is root-only triggerable problem which occurs when the operator
sets dirty limits to >16 TB.

Related

vulnrichment 1
cvelist 1
nvd 1
redhatcve 1
ubuntucve 1
debiancve 1
cve 1
redhat 4
nessus 13
osv 8
rocky 2
oraclelinux 2
photon 1
openvas 6
mageia 2
vulnrichment
vulnrichment
CVE-2024-42131 mm: avoid overflows in dirty throttling logic
2024-07-30 07:46:26
cvelist
cvelist
CVE-2024-42131 mm: avoid overflows in dirty throttling logic
2024-07-30 07:46:26
nvd
nvd
CVE-2024-42131
2024-07-30 08:15:05
redhatcve
redhatcve
CVE-2024-42131
2024-07-31 09:20:00
ubuntucve
ubuntucve
CVE-2024-42131
2024-07-30 00:00:00
debiancve
debiancve
CVE-2024-42131
2024-07-30 08:15:05
cve
cve
CVE-2024-42131
2024-07-30 08:15:05
redhat
redhat
(RHSA-2024:6268) Moderate: kernel-rt security update
2024-09-04 00:06:53
(RHSA-2024:6267) Moderate: kernel security update
2024-09-04 00:06:41
(RHSA-2024:6567) Moderate: kernel security update
2024-09-11 00:05:08
nessus
nessus
RHEL 9 : kernel-rt (RHSA-2024:6268)
2024-09-04 00:00:00
RHEL 9 : kernel (RHSA-2024:6267)
2024-09-04 00:00:00
Oracle Linux 9 : kernel (ELSA-2024-6567)
2024-09-12 00:00:00
osv
osv
Moderate: kernel security update
2024-09-17 00:55:50
Moderate: kernel security update
2024-09-17 00:57:55
linux - security update
2024-08-12 00:00:00
rocky
rocky
kernel security update
2024-09-17 00:55:50
kernel security update
2024-09-17 00:57:55
oraclelinux
oraclelinux
kernel security update
2024-09-11 00:00:00
Unbreakable Enterprise kernel security update
2024-09-12 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0345
2024-08-09 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5747-1)
2024-08-13 00:00:00
Mageia: Security Advisory (MGASA-2024-0278)
2024-08-07 00:00:00
Mageia: Security Advisory (MGASA-2024-0277)
2024-08-07 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2024-08-07 08:49:38
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
2024-08-07 08:49:38

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for OSV:CVE-2024-42131
vulnrichment1cvelist1nvd1redhatcve1ubuntucve1debiancve1cve1redhat4nessus13osv8rocky2oraclelinux2photon1openvas6mageia2