lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <2024052018-CVE-2024-35983-a607@gregkh>
Date: Mon, 20 May 2024 11:48:19 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-35983: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

bits_per() rounds up to the next power of two when passed a power of
two.  This causes crashes on some machines and configurations.
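The off-by-one is easy to see with a userspace model of the two helpers. The following C is an added example; it is not part of this announcement or of the kernel sources. bits_per() and order_base_2() below re-implement the semantics of the kernel macros of the same name (bits_per(n) counts the bits needed to hold the value n itself; order_base_2(n) is the smallest k with 2^k >= n, which is what the upstream fix switches kernel/bounds.c to). cpu_id_width() and nr_cpus_bits_overcounted() are hypothetical helpers written for this example: the first derives, from first principles, the width needed to store every CPU id in [0, NR_CPUS), and the second reports whether the pre-fix expression bits_per(CONFIG_NR_CPUS) over-counts for a given CONFIG_NR_CPUS value. Every power of two, including common values like 64, 256 and 8192, is over-counted by one bit.

```c
#include <stdbool.h>
#include <stdio.h>

/* floor(log2(n)) for n > 0; userspace stand-in for the kernel's ilog2(). */
static unsigned int ilog2_ul(unsigned long n)
{
    unsigned int r = 0;

    while (n >>= 1)
        r++;
    return r;
}

/*
 * Same result as the kernel's bits_per(): the number of bits needed to
 * represent the value n itself.  bits_per(8192) == 14, because 8192 is
 * 1 followed by 13 zero bits.
 */
static unsigned int bits_per(unsigned long n)
{
    if (n < 2)
        return 1;
    return ilog2_ul(n) + 1;
}

/*
 * Same result as the kernel's order_base_2(): smallest k with 2^k >= n.
 * order_base_2(8192) == 13, which is also the width of the largest id, 8191.
 */
static unsigned int order_base_2(unsigned long n)
{
    if (n < 2)
        return 0;
    return ilog2_ul(n - 1) + 1;
}

/*
 * Ground truth, independent of either helper: the smallest field width
 * that can hold every CPU id in [0, nr_cpus), i.e. the width of nr_cpus - 1.
 * (Hypothetical helper for this example.)
 */
static unsigned int cpu_id_width(unsigned long nr_cpus)
{
    unsigned long max_id = nr_cpus - 1;
    unsigned int w = 0;

    while ((max_id >> w) != 0)
        w++;
    return w;
}

/*
 * True when the pre-fix expression bits_per(nr_cpus) yields one bit more
 * than a CPU id field actually needs.  (Hypothetical helper for this example.)
 */
static bool nr_cpus_bits_overcounted(unsigned long nr_cpus)
{
    return bits_per(nr_cpus) != cpu_id_width(nr_cpus);
}

int main(void)
{
    /* Constructed sample CONFIG_NR_CPUS values: powers of two and neighbours. */
    const unsigned long samples[] = { 2, 3, 4, 64, 255, 256, 257, 8191, 8192 };
    size_t i;

    printf("%8s %10s %14s %8s %s\n",
           "NR_CPUS", "bits_per", "order_base_2", "needed", "pre-fix value");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long n = samples[i];

        printf("%8lu %10u %14u %8u %s\n", n, bits_per(n), order_base_2(n),
               cpu_id_width(n),
               nr_cpus_bits_overcounted(n) ? "OVER-COUNTED" : "ok");
    }
    return 0;
}
```

Running it shows the two helpers agreeing on every non-power-of-two and disagreeing by exactly one bit on every power of two; order_base_2() matches the independently derived width in all cases, which is why it is the right primitive for a field that stores a CPU id rather than the CPU count.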

The Linux kernel CVE team has assigned CVE-2024-35983 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.4.274 with commit d6077e0d38b4 and fixed in 5.4.275 with commit d34a516f2635
	Issue introduced in 5.10.215 with commit 83a2275f9d32 and fixed in 5.10.216 with commit 66297b2ceda8
	Issue introduced in 5.15.154 with commit d2a7a81088c6 and fixed in 5.15.158 with commit 93ba36238db6
	Issue introduced in 6.1.84 with commit 428ca0000f0a and fixed in 6.1.90 with commit 9b7c5004d7c5
	Issue introduced in 6.6.24 with commit b46c822f8b55 and fixed in 6.6.30 with commit 15aa09d6d846
	Issue introduced in 6.8.3 with commit cf778fff03be and fixed in 6.8.9 with commit ebfe41889b76
	Issue introduced in 6.7.12 with commit b2e1b090a590

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-35983
will be updated if fixes are backported; please check it for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	kernel/bounds.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/d34a516f2635090d36a306f84573e8de3d7374ce
	https://git.kernel.org/stable/c/66297b2ceda841f809637731d287bda3a93b49d8
	https://git.kernel.org/stable/c/93ba36238db6a74a82feb3dc476e25ea424ad630
	https://git.kernel.org/stable/c/9b7c5004d7c5ae062134052a85290869a015814c
	https://git.kernel.org/stable/c/15aa09d6d84629eb5296de30ac0aa19a33512f16
	https://git.kernel.org/stable/c/ebfe41889b762f1933c6762f6624b9724a25bee0
	https://git.kernel.org/stable/c/5af385f5f4cddf908f663974847a4083b2ff2c79
