CVE-2024-50270

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 26, 2024
CWE ID 190

Summary

CVE-2024-50270 is a vulnerability affecting the Linux kernel. It was identified in the 'mm/damon/core' module, specifically in the 'damon_feed_loop_next_input()' function. This function is prone to overflows due to inefficient and fragile code. The vulnerability exists in several calculations within the function, including the 'score_goal_diff_bp' calculation, which can overflow when the score is high. The calculation of 'compensation' is also fragile to overflows. Additionally, the final calculation of the return value for under-achieving cases is susceptible to overflows when the current score is below the target. The vulnerability has been mitigated by adding corner case handling at the beginning of the function and rewriting the body to avoid overflows and unnecessary calculations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share