CVE-2024-42102

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Description

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.08%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a patch
https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 patch
https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c patch
https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59 patch
https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00 patch
https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d patch
https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec patch
https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63 patch

Frequently Asked Questions

What is the severity of CVE-2024-42102?
CVE-2024-42102 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42102?
To fix CVE-2024-42102, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42102 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42102 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42102?
CVE-2024-42102 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.