CVE-2024-58017

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

Description

In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/54c14022fa2ba427dc543455c2cf9225903a7174
https://git.kernel.org/stable/c/dfb7b179741ee09506dc7719d92f9e1cea01f10e
https://git.kernel.org/stable/c/bb8ff054e19fe27f4e5eaac1b05e462894cfe9b1
https://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598 patch
https://git.kernel.org/stable/c/4acf6bab775dbd22a9a799030a808a7305e01d63 patch
https://git.kernel.org/stable/c/404e5fd918a0b14abec06c7eca128f04c9b98e41 patch
https://git.kernel.org/stable/c/4a2c4e7265b8eed83c25d86d702cea06493cab18 patch
https://git.kernel.org/stable/c/3d6f83df8ff2d5de84b50377e4f0d45e25311c7a patch

Frequently Asked Questions

What is the severity of CVE-2024-58017?
CVE-2024-58017 has been scored as a medium severity vulnerability.
How to fix CVE-2024-58017?
To fix CVE-2024-58017, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-58017 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-58017 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-58017?
CVE-2024-58017 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.