CVE-2024-35985

Published: May 20, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of a s64 multiplcation overflow. Specifically, reweight_eevdf() computes the vlag without considering the limit placed upon vlag as update_entity_lag() does, and then the scaling multiplication (remember that weight is 20bit fixed point) can overflow. This then leads to the new vruntime being weird which then causes the above entity_eligible() to go side-ways and claim nothing is eligible. Thus limit the range of vlag accordingly. All this was quite rare, but fatal when it does happen.

Vendor	Product	Versions
Linux	Linux	affected `14204acc09f652169baed1141c671429047b1313 - < 470d347b14b0ecffa9b39cf8f644fa2351db3efb` affected `eab03c23c2a162085b13200d7942fc5a00b5ccc8 - < 06f27e6d7bf0abf54488259ef36bbf0e1fccb35c` affected `eab03c23c2a162085b13200d7942fc5a00b5ccc8 - < 1560d1f6eb6b398bddd80c16676776c0325fe5fe` affected `6.6.4 - < 6.6.30`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.6.30 - <= 6.6.` unaffected `6.8.9 - <= 6.8.` unaffected `6.9 - <= *`

References

https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb

https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c

https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35985

Description

Affected Products

References