一、 漏洞 CVE-2024-49933 基础信息
漏洞标题
Linux内核blk_iocost存在越界移位漏洞
来源:AIGC 神龙大模型
漏洞描述信息
N/A
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
跨界内存读
来源:AIGC 神龙大模型
漏洞标题
blk_iocost: fix more out of bound shifts
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... Call Trace: <IRQ> dump_stack_lvl+0xca/0x130 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720 __run_timer_base+0x519/0x700 ... Actual impact of this issue was not identified but I propose to fix the undefined behaviour. The proposed fix to prevent those out of bound shifts consist of precalculating exponent before using it the shift operations by taking min value from the actual exponent and maximum possible number of bits.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于blk_iocost中的ioc_forgive_debts函数存在越界位移,可能引起未定义行为。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-49933 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-49933 的情报信息

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    blk_iocost: fix more out of bound shifts - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2024-49933