CVE-2024-50270
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50270 is a vulnerability affecting the Linux kernel. It was identified in the 'mm/damon/core' module, specifically in the 'damon_feed_loop_next_input()' function. This function is prone to overflows due to inefficient and fragile code. The vulnerability exists in several calculations within the function, including the 'score_goal_diff_bp' calculation, which can overflow when the score is high. The calculation of 'compensation' is also fragile to overflows. Additionally, the final calculation of the return value for under-achieving cases is susceptible to overflows when the current score is below the target. The vulnerability has been mitigated by adding corner case handling at the beginning of the function and rewriting the body to avoid overflows and unnecessary calculations.
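The overflow pattern described in the summary, shown as an added illustration and not the kernel's own source: a fragile basis-point feedback calculation beside a hardened form that handles corner cases first and orders its arithmetic so it cannot wrap. The function names, the goal of 10000 and the minimum input of 10000 are assumptions made for this example.

```c
#include <limits.h>

/* Constructed illustration, not kernel source. GOAL and MIN_INPUT are
 * assumed values; score is expressed in basis points of the goal. */
#define GOAL      10000UL
#define MIN_INPUT 10000UL

/* Fragile form: intermediate products can wrap around ULONG_MAX. */
unsigned long next_input_fragile(unsigned long last_input, unsigned long score)
{
	unsigned long diff = score > GOAL ? score - GOAL : GOAL - score;
	unsigned long score_goal_diff_bp = diff * 10000 / GOAL; /* wraps: high score */
	unsigned long compensation =
		last_input * score_goal_diff_bp / 10000;        /* wraps: large input */

	if (GOAL > score)       /* under-achieving: grow the input */
		return last_input + compensation;               /* wraps: no saturation */
	if (last_input > compensation + MIN_INPUT)
		return last_input - compensation;
	return MIN_INPUT;
}

/* Hardened form: corner cases first, then arithmetic that cannot wrap. */
unsigned long next_input_safe(unsigned long last_input, unsigned long score)
{
	unsigned long diff, compensation, reduced;

	if (score == GOAL)
		return last_input;      /* on target: nothing to adjust */
	if (score >= GOAL * 2)
		return MIN_INPUT;       /* far over target: clamp, skip the math */

	diff = score > GOAL ? score - GOAL : GOAL - score;  /* 1..GOAL */
	if (last_input < ULONG_MAX / diff)
		compensation = last_input * diff / GOAL;    /* product fits */
	else
		compensation = last_input / GOAL * diff;    /* divide first */

	if (score > GOAL) {     /* over-achieving: compensation <= last_input */
		reduced = last_input - compensation;
		return reduced > MIN_INPUT ? reduced : MIN_INPUT;
	}
	if (last_input < ULONG_MAX - compensation)
		return last_input + compensation;
	return ULONG_MAX;       /* saturate instead of wrapping */
}
```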
Affected Products
- Linux Kernel
Affected Vendors
- LINUX