CVE - CVE-2024-42316

CVE-ID
CVE-2024-42316	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: mm/mglru: fix div-by-zero in vmpressure_calc_level() evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation. The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails. The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2b Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios().
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef URL:https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef MISC:https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d URL:https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d MISC:https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895 URL:https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895 MISC:https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04 URL:https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04
Assigning CNA
kernel.org
Date Record Created
20240730	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240730)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)