{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35985", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.145Z", "datePublished": "2024-05-20T09:47:52.389Z", "dateUpdated": "2024-12-19T08:59:39.041Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:39.041Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()\n\nIt was possible to have pick_eevdf() return NULL, which then causes a\nNULL-deref. This turned out to be due to entity_eligible() returning\nfalsely negative because of a s64 multiplcation overflow.\n\nSpecifically, reweight_eevdf() computes the vlag without considering\nthe limit placed upon vlag as update_entity_lag() does, and then the\nscaling multiplication (remember that weight is 20bit fixed point) can\noverflow. This then leads to the new vruntime being weird which then\ncauses the above entity_eligible() to go side-ways and claim nothing\nis eligible.\n\nThus limit the range of vlag accordingly.\n\nAll this was quite rare, but fatal when it does happen."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/fair.c"], "versions": [{"version": "14204acc09f652169baed1141c671429047b1313", "lessThan": "470d347b14b0ecffa9b39cf8f644fa2351db3efb", "status": "affected", "versionType": "git"}, {"version": "eab03c23c2a162085b13200d7942fc5a00b5ccc8", "lessThan": "06f27e6d7bf0abf54488259ef36bbf0e1fccb35c", "status": "affected", "versionType": "git"}, {"version": "eab03c23c2a162085b13200d7942fc5a00b5ccc8", "lessThan": "1560d1f6eb6b398bddd80c16676776c0325fe5fe", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/fair.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb"}, {"url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"}, {"url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe"}], "title": "sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:11.561Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35985", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:40:16.595087Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:48.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:11.561Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35985", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:40:16.595087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:12.555Z"}}], "cna": {"title": "sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "14204acc09f6", "lessThan": "470d347b14b0", "versionType": "git"}, {"status": "affected", "version": "eab03c23c2a1", "lessThan": "06f27e6d7bf0", "versionType": "git"}, {"status": "affected", "version": "eab03c23c2a1", "lessThan": "1560d1f6eb6b", "versionType": "git"}], "programFiles": ["kernel/sched/fair.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.7"}, {"status": "unaffected", "version": "0", "lessThan": "6.7", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.30", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/sched/fair.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb"}, {"url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"}, {"url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()\n\nIt was possible to have pick_eevdf() return NULL, which then causes a\nNULL-deref. This turned out to be due to entity_eligible() returning\nfalsely negative because of a s64 multiplcation overflow.\n\nSpecifically, reweight_eevdf() computes the vlag without considering\nthe limit placed upon vlag as update_entity_lag() does, and then the\nscaling multiplication (remember that weight is 20bit fixed point) can\noverflow. This then leads to the new vruntime being weird which then\ncauses the above entity_eligible() to go side-ways and claim nothing\nis eligible.\n\nThus limit the range of vlag accordingly.\n\nAll this was quite rare, but fatal when it does happen."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:26:15.347Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35985", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:26:15.347Z", "dateReserved": "2024-05-17T13:50:33.145Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:47:52.389Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFFE891E-8131-42AA-87DF-875DEFF1AFEA", "versionEndExcluding": "6.6.30", "versionStartIncluding": "6.6.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()\n\nIt was possible to have pick_eevdf() return NULL, which then causes a\nNULL-deref. This turned out to be due to entity_eligible() returning\nfalsely negative because of a s64 multiplcation overflow.\n\nSpecifically, reweight_eevdf() computes the vlag without considering\nthe limit placed upon vlag as update_entity_lag() does, and then the\nscaling multiplication (remember that weight is 20bit fixed point) can\noverflow. This then leads to the new vruntime being weird which then\ncauses the above entity_eligible() to go side-ways and claim nothing\nis eligible.\n\nThus limit the range of vlag accordingly.\n\nAll this was quite rare, but fatal when it does happen."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched/eevdf: evita que vlag se salga de los l\u00edmites en reweight_eevdf(). Era posible que pick_eevdf() devolviera NULL, lo que luego causa un NULL-deref. Esto result\u00f3 ser debido a que entidad_eligible() devolvi\u00f3 un resultado falso negativo debido a un desbordamiento de multiplicaci\u00f3n s64. Espec\u00edficamente, reweight_eevdf() calcula el vlag sin considerar el l\u00edmite impuesto a vlag como lo hace update_entity_lag(), y luego la multiplicaci\u00f3n de escala (recuerde que el peso es un punto fijo de 20 bits) puede desbordarse. Esto luego lleva a que el nuevo vruntime sea extra\u00f1o, lo que luego hace que la entidad_eligible() anterior se desv\u00ede y afirme que nada es elegible. Por lo tanto, limite el rango de vlag en consecuencia. Todo esto fue bastante raro, pero fatal cuando sucede."}], "id": "CVE-2024-35985", "lastModified": "2025-01-16T16:43:59.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-20T10:15:12.920", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()", "id": "2281857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281857"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()\nIt was possible to have pick_eevdf() return NULL, which then causes a\nNULL-deref. This turned out to be due to entity_eligible() returning\nfalsely negative because of a s64 multiplcation overflow.\nSpecifically, reweight_eevdf() computes the vlag without considering\nthe limit placed upon vlag as update_entity_lag() does, and then the\nscaling multiplication (remember that weight is 20bit fixed point) can\noverflow. This then leads to the new vruntime being weird which then\ncauses the above entity_eligible() to go side-ways and claim nothing\nis eligible.\nThus limit the range of vlag accordingly.\nAll this was quite rare, but fatal when it does happen.", "A vulnerability was found in the Linux kernel's `sched/eevdf` code, specifically in the `reweight_eevdf()` function. The issue arises when the `vlag` variable overflows due to improper scaling in the computation, which leads to incorrect behavior in the `vruntime`. This causes a NULL dereference in the `entity_eligible()` function, potentially resulting in system crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35985", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35985\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35985\nhttps://lore.kernel.org/linux-cve-announce/2024052018-CVE-2024-35985-8839@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}