CVE-2024-42316

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 369

Summary

CVE-2024-42316 is a vulnerability in the Linux kernel's mm/mglru subsystem: a division by zero in the function vmpressure_calc_level(). The evict_folios() routine attempts to reclaim folios that have been written back and cleaned, and in doing so deducts from scan_control->nr_scanned. Under a condition where shrink_folio_list() does not increment nr_scanned, the divisor in vmpressure_calc_level() can become zero, resulting in a crash. The fix removes the deduction of scan_control->nr_scanned in evict_folios(); because scan_control->nr_scanned has no defined semantics, the potential double counting of pages that this allows carries minimal risk.
