CVE-2024-35985
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35985
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35985.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35985
- Downstream
- Related
- Published
- 2024-05-20T09:47:52Z
- Modified
- 2025-10-15T10:47:56.537503Z
- Summary
- sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
It was possible to have pickeevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entityeligible() returning falsely negative because of a s64 multiplcation overflow.
Specifically, reweighteevdf() computes the vlag without considering the limit placed upon vlag as updateentitylag() does, and then the scaling multiplication (remember that weight is 20bit fixed point) can overflow. This then leads to the new vruntime being weird which then causes the above entityeligible() to go side-ways and claim nothing is eligible.
Thus limit the range of vlag accordingly.
All this was quite rare, but fatal when it does happen.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced14204acc09f652169baed1141c671429047b1313Fixed470d347b14b0ecffa9b39cf8f644fa2351db3efb
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeab03c23c2a162085b13200d7942fc5a00b5ccc8Fixed06f27e6d7bf0abf54488259ef36bbf0e1fccb35c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeab03c23c2a162085b13200d7942fc5a00b5ccc8Fixed1560d1f6eb6b398bddd80c16676776c0325fe5fe
Affected versions
v6.*
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "kernel/sched/fair.c",
"function": "update_entity_lag"
},
"deprecated": false,
"digest": {
"length": 284.0,
"function_hash": "137161341928621080215312796018396774197"
},
"id": "CVE-2024-35985-2f0bdf2f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@470d347b14b0ecffa9b39cf8f644fa2351db3efb"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "kernel/sched/fair.c",
"function": "reweight_eevdf"
},
"deprecated": false,
"digest": {
"length": 423.0,
"function_hash": "126535244284863334091151257256922142669"
},
"id": "CVE-2024-35985-2f678e71",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/sched/fair.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"188721901955677659138172785946986683466",
"15765242292469209364102901142180395997",
"102778785215283466025361209161821471022",
"277696010900116056652124685937091405132",
"54493766598714656002303939198564479970",
"284717969621335453707574011087970408173",
"100138236735493974549169968853872936816",
"71425191976539064060023171444592065771",
"124906073065385815331996459101012541156",
"246234329343675826484243328358909813",
"310232308609197756731421302370172780404",
"214395260244251293788303806757523825103",
"294693806728589290983607705763765543027",
"92921844541572979899291896558126614597"
],
"threshold": 0.9
},
"id": "CVE-2024-35985-3a67c365",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1560d1f6eb6b398bddd80c16676776c0325fe5fe"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "kernel/sched/fair.c",
"function": "update_entity_lag"
},
"deprecated": false,
"digest": {
"length": 284.0,
"function_hash": "137161341928621080215312796018396774197"
},
"id": "CVE-2024-35985-495691fc",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1560d1f6eb6b398bddd80c16676776c0325fe5fe"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/sched/fair.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"188721901955677659138172785946986683466",
"15765242292469209364102901142180395997",
"102778785215283466025361209161821471022",
"277696010900116056652124685937091405132",
"54493766598714656002303939198564479970",
"284717969621335453707574011087970408173",
"100138236735493974549169968853872936816",
"71425191976539064060023171444592065771",
"318380512463593822517018173055524107522",
"269433214551199411879334065340358904908",
"310232308609197756731421302370172780404",
"214395260244251293788303806757523825103",
"294693806728589290983607705763765543027",
"92921844541572979899291896558126614597"
],
"threshold": 0.9
},
"id": "CVE-2024-35985-4e2a37eb",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@470d347b14b0ecffa9b39cf8f644fa2351db3efb"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "kernel/sched/fair.c",
"function": "update_entity_lag"
},
"deprecated": false,
"digest": {
"length": 284.0,
"function_hash": "137161341928621080215312796018396774197"
},
"id": "CVE-2024-35985-7859771f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "kernel/sched/fair.c",
"function": "reweight_eevdf"
},
"deprecated": false,
"digest": {
"length": 423.0,
"function_hash": "126535244284863334091151257256922142669"
},
"id": "CVE-2024-35985-9ca51468",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@470d347b14b0ecffa9b39cf8f644fa2351db3efb"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/sched/fair.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"188721901955677659138172785946986683466",
"15765242292469209364102901142180395997",
"102778785215283466025361209161821471022",
"277696010900116056652124685937091405132",
"54493766598714656002303939198564479970",
"284717969621335453707574011087970408173",
"100138236735493974549169968853872936816",
"71425191976539064060023171444592065771",
"124906073065385815331996459101012541156",
"246234329343675826484243328358909813",
"310232308609197756731421302370172780404",
"214395260244251293788303806757523825103",
"294693806728589290983607705763765543027",
"92921844541572979899291896558126614597"
],
"threshold": 0.9
},
"id": "CVE-2024-35985-c4ff51d8",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "kernel/sched/fair.c",
"function": "reweight_eevdf"
},
"deprecated": false,
"digest": {
"length": 423.0,
"function_hash": "126535244284863334091151257256922142669"
},
"id": "CVE-2024-35985-e77e0167",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1560d1f6eb6b398bddd80c16676776c0325fe5fe"
}
]
}