From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-35983: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

bits_per() rounds up to the next power of two when passed a power of
two. This causes crashes on some machines and configurations.
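As an added illustration (not part of the advisory or of kernel/bounds.c), the C program below models in user space the helper the commit message names, bits_per(), next to order_base_2(), which the fix is assumed here to use in its place; the modelled semantics (ilog2(n)+1 versus ceil(log2(n))) and the sample CONFIG_NR_CPUS values are assumptions, not taken from the page.

```c
#include <assert.h>
#include <stdio.h>

/* User-space models of two kernel helpers (assumed semantics, following the
 * documented behaviour of include/linux/log2.h; not kernel code):
 *   bits_per(n)     = bits needed to hold the VALUE n      (ilog2(n) + 1)
 *   order_base_2(n) = ceil(log2(n)), bits needed for IDs 0 .. n-1
 * For a power of two the first is one bit wider than the CPU field needs. */
static unsigned int ilog2_u(unsigned long n) {
    unsigned int r = 0;
    while (n >>= 1) r++;
    return r;
}

unsigned int model_bits_per(unsigned long n) {
    return (n == 0 || n == 1) ? 1 : ilog2_u(n) + 1;
}

unsigned int model_order_base_2(unsigned long n) {
    if (n <= 1) return 0;
    unsigned int r = ilog2_u(n);
    return ((1UL << r) == n) ? r : r + 1;   /* exact power of two: no +1 */
}

/* Ground truth by brute force: smallest width b with 2^b >= n, i.e. the
 * narrowest field that can hold every CPU number 0 .. n-1. */
unsigned int min_bits_for_ids(unsigned long n) {
    unsigned int b = 0;
    while ((1UL << b) < n) b++;
    return b;
}

/* How many bits the bits_per()-based NR_CPUS_BITS over-allocates for a
 * given CONFIG_NR_CPUS (0 when the value is not a power of two). */
unsigned int nr_cpus_bits_excess(unsigned long nr_cpus) {
    return model_bits_per(nr_cpus) - min_bits_for_ids(nr_cpus);
}

int main(void) {
    /* Constructed sample CONFIG_NR_CPUS values, mixing powers of two and not. */
    const unsigned long configs[] = { 2, 5, 8, 64, 100, 256, 4096, 8192 };
    printf("NR_CPUS  needed  bits_per(old)  order_base_2(new)\n");
    for (size_t i = 0; i < sizeof configs / sizeof configs[0]; i++) {
        unsigned long n = configs[i];
        printf("%7lu  %6u  %13u  %17u%s\n", n, min_bits_for_ids(n),
               model_bits_per(n), model_order_base_2(n),
               nr_cpus_bits_excess(n) ? "  <- one bit too many" : "");
    }
    return 0;
}
```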

The Linux kernel CVE team has assigned CVE-2024-35983 to this issue.


Affected and fixed versions
===========================

Issue introduced in 5.4.274 with commit d6077e0d38b4953c863d0db4a5b3f41d21e0d546 and fixed in 5.4.275 with commit d34a516f2635090d36a306f84573e8de3d7374ce
Issue introduced in 5.10.215 with commit 83a2275f9d3230c761014b1467888b1ef469be74 and fixed in 5.10.216 with commit 66297b2ceda841f809637731d287bda3a93b49d8
Issue introduced in 5.15.154 with commit d2a7a81088c6abe778b0a93a7eeb79487a943818 and fixed in 5.15.158 with commit 93ba36238db6a74a82feb3dc476e25ea424ad630
Issue introduced in 6.1.84 with commit 428ca0000f0abd5c99354c52a36becf2b815ca21 and fixed in 6.1.90 with commit 9b7c5004d7c5ae062134052a85290869a015814c
Issue introduced in 6.6.24 with commit b46c822f8b555b9513df44047b0e72c06720df62 and fixed in 6.6.30 with commit 15aa09d6d84629eb5296de30ac0aa19a33512f16
Issue introduced in 6.8.3 with commit cf778fff03be1ee88c49b72959650147573c3301 and fixed in 6.8.9 with commit ebfe41889b762f1933c6762f6624b9724a25bee0
Issue introduced in 6.7.12 with commit b2e1b090a590d41abe647eadb6bf2a5dc47b63ab

Please see https://www.kernel.org for a full list of the kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-35983
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
kernel/bounds.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this and many other bugfixes. Individual
changes are never tested alone, but rather as part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes that resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/d34a516f2635090d36a306f84573e8de3d7374ce
https://git.kernel.org/stable/c/66297b2ceda841f809637731d287bda3a93b49d8
https://git.kernel.org/stable/c/93ba36238db6a74a82feb3dc476e25ea424ad630
https://git.kernel.org/stable/c/9b7c5004d7c5ae062134052a85290869a015814c
https://git.kernel.org/stable/c/15aa09d6d84629eb5296de30ac0aa19a33512f16
https://git.kernel.org/stable/c/ebfe41889b762f1933c6762f6624b9724a25bee0
https://git.kernel.org/stable/c/5af385f5f4cddf908f663974847a4083b2ff2c79