{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-35985","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T13:50:33.145Z","datePublished":"2024-05-20T09:47:52.389Z","dateUpdated":"2025-05-04T09:09:51.817Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:09:51.817Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()\n\nIt was possible to have pick_eevdf() return NULL, which then causes a\nNULL-deref. This turned out to be due to entity_eligible() returning\nfalsely negative because of a s64 multiplcation overflow.\n\nSpecifically, reweight_eevdf() computes the vlag without considering\nthe limit placed upon vlag as update_entity_lag() does, and then the\nscaling multiplication (remember that weight is 20bit fixed point) can\noverflow. This then leads to the new vruntime being weird which then\ncauses the above entity_eligible() to go side-ways and claim nothing\nis eligible.\n\nThus limit the range of vlag accordingly.\n\nAll this was quite rare, but fatal when it does happen."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/sched/fair.c"],"versions":[{"version":"14204acc09f652169baed1141c671429047b1313","lessThan":"470d347b14b0ecffa9b39cf8f644fa2351db3efb","status":"affected","versionType":"git"},{"version":"eab03c23c2a162085b13200d7942fc5a00b5ccc8","lessThan":"06f27e6d7bf0abf54488259ef36bbf0e1fccb35c","status":"affected","versionType":"git"},{"version":"eab03c23c2a162085b13200d7942fc5a00b5ccc8","lessThan":"1560d1f6eb6b398bddd80c16676776c0325fe5fe","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/sched/fair.c"],"versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","status":"unaffected","versionType":"semver"},{"version":"6.6.30","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.9","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.4","versionEndExcluding":"6.6.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.8.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb"},{"url":"https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"},{"url":"https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe"}],"title":"sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:30:11.561Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-35985","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:40:16.595087Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:48.299Z"}}]}}