CVE-2024-36916 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: <IRQ> dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the "delay = 0" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b
https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5
https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1
https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d
https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86
https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36916-ebf8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-36916
https://security.netapp.com/advisory/ntap-20240905-0006/
https://www.cve.org/CVERecord?id=CVE-2024-36916

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0015}`	epss `{'score': 0.00129}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html https://security.netapp.com/advisory/ntap-20240905-0006/

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Mon, 04 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
References	https://security.netapp.com/advisory/ntap-20240905-0006/
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}`

Thu, 05 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240905-0006/
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:29:12.745Z

Updated: 2025-05-20T14:27:33.761Z

Reserved: 2024-05-30T15:25:07.068Z

Link: CVE-2024-36916

Vulnrichment

Updated: 2024-09-05T08:03:32.685Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:14.963

Modified: 2024-11-21T09:22:48.607

Link: CVE-2024-36916

Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36916 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-36916", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-30T15:25:07.068Z", "datePublished": "2024-05-30T15:29:12.745Z", "dateUpdated": "2025-05-20T14:27:33.761Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-20T14:27:33.761Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg->delay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n <IRQ>\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["block/blk-iocost.c"], "versions": [{"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "62accf6c1d7b433752cb3591bba8967b7a801ad5", "status": "affected", "versionType": "git"}, {"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1", "status": "affected", "versionType": "git"}, {"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca", "status": "affected", "versionType": "git"}, {"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "ce0e99cae00e3131872936713b7f55eefd53ab86", "status": "affected", "versionType": "git"}, {"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "488dc6808cb8369685f18cee81e88e7052ac153b", "status": "affected", "versionType": "git"}, {"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "beaa51b36012fad5a4d3c18b88a617aea7a9b96d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["block/blk-iocost.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.217", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.159", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.10.217"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.15.159"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.31"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.8.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"}, {"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"}, {"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"}, {"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"}, {"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"}, {"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"}], "title": "blk-iocost: avoid out of bounds shift", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:19:24.548838Z", "id": "CVE-2024-36916", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T20:36:10.637Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240905-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-05T08:03:32.685Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240905-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-05T08:03:32.685Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-36916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T19:19:24.548838Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:19:30.921Z"}}], "cna": {"title": "blk-iocost: avoid out of bounds shift", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "62accf6c1d7b433752cb3591bba8967b7a801ad5", "versionType": "git"}, {"status": "affected", "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1", "versionType": "git"}, {"status": "affected", "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca", "versionType": "git"}, {"status": "affected", "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "ce0e99cae00e3131872936713b7f55eefd53ab86", "versionType": "git"}, {"status": "affected", "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "488dc6808cb8369685f18cee81e88e7052ac153b", "versionType": "git"}, {"status": "affected", "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542", "lessThan": "beaa51b36012fad5a4d3c18b88a617aea7a9b96d", "versionType": "git"}], "programFiles": ["block/blk-iocost.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.217", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.159", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.91", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.31", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.10", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["block/blk-iocost.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"}, {"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"}, {"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"}, {"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"}, {"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"}, {"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg->delay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n <IRQ>\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.217", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.159", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.91", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.31", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.10", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "5.10"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-20T14:27:33.761Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36916", "state": "PUBLISHED", "dateUpdated": "2025-05-20T14:27:33.761Z", "dateReserved": "2024-05-30T15:25:07.068Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T15:29:12.745Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg->delay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n <IRQ>\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk-iocost: evita cambios fuera de los l\u00edmites UBSAN detecta un comportamiento indefinido en blk-iocost, donde a veces iocg->delay se desplaza hacia la derecha en un n\u00famero demasiado grande, lo que resulta en un estado indefinido. comportamiento en algunas arquitecturas. [186.556576] ------------[ cortar aqu\u00ed ]------------ UBSAN: desplazamiento fuera de los l\u00edmites en block/blk-iocost.c:1366 :23 exponente de desplazamiento 64 es demasiado grande para el tipo de 64 bits 'u64' (tambi\u00e9n conocido como 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: GSEN 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Nombre de hardware: Quanta Twin Lakes MP/Twin Lakes MP pasivo, BIOS F09_3A23 08/12/2020 Seguimiento de llamadas: dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x 1f80 __run_timer_base+0x1b6/0x250 ... Evitar ese comportamiento indefinido simplemente tomando la rama \"retraso = 0\" si el cambio es demasiado grande. No estoy seguro de cu\u00e1les ser\u00e1n los s\u00edntomas de un retraso de valor indefinido, pero sospecho que podr\u00eda ser m\u00e1s que molesto depurarlo."}], "id": "CVE-2024-36916", "lastModified": "2024-11-21T09:22:48.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-30T16:15:14.963", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240905-0006/"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: blk-iocost: avoid out of bounds shift", "id": "2284521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284521"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nblk-iocost: avoid out of bounds shift\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg->delay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n<IRQ>\ndump_stack_lvl+0x8f/0xe0\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\niocg_kick_delay+0x30b/0x310\nioc_timer_fn+0x2fb/0x1f80\n__run_timer_base+0x1b6/0x250\n...\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."], "name": "CVE-2024-36916", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36916\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36916\nhttps://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36916-ebf8@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object