CVE-2024-42136
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42136
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42136.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-42136
- Downstream
- Related
- Published
- 2024-07-30T07:46:30Z
- Modified
- 2025-10-15T13:23:45.893610Z
- Summary
- cdrom: rearrange last_media_change check to avoid unintentional overflow
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cdrom: rearrange lastmediachange check to avoid unintentional overflow
When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat:
[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '_s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SGIO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dumpstacklvl+0x93/0xd0 [ 366.027899] handleoverflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multicount 32 ignored [ 366.043924] cdromioctl+0x2c3f/0x2d10 [ 366.063932] ? _pmruntimeresume+0xe6/0x130 [ 366.071923] srblockioctl+0x15d/0x1d0 [ 366.074624] ? _pfxsrblockioctl+0x10/0x10 [ 366.077642] blkdevioctl+0x419/0x500 [ 366.080231] ? _pfxblkdevioctl+0x10/0x10 ...
Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with
-fwrapvbut this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer").Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0c97527e916054acc4a46ffb02842988acb2e92b
- https://git.kernel.org/stable/c/3ee21e14c8c329168a0b66bab00ecd18f5d0dee3
- https://git.kernel.org/stable/c/e809bc112712da8f7e15822674c6562da6cdf24c
- https://git.kernel.org/stable/c/efb905aeb44b0e99c0e6b07865b1885ae0471ebf
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced67f1e027c27054e641584655020a417eaac9cb3aFixed0c97527e916054acc4a46ffb02842988acb2e92b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced67f1e027c27054e641584655020a417eaac9cb3aFixed3ee21e14c8c329168a0b66bab00ecd18f5d0dee3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced67f1e027c27054e641584655020a417eaac9cb3aFixede809bc112712da8f7e15822674c6562da6cdf24c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced67f1e027c27054e641584655020a417eaac9cb3aFixedefb905aeb44b0e99c0e6b07865b1885ae0471ebf
Affected versions
v5.*
v5.15
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@efb905aeb44b0e99c0e6b07865b1885ae0471ebf",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c"
},
"digest": {
"line_hashes": [
"101725929294684902090191809233033982668",
"14378757641491435132180661797633749787",
"82590320730627682872703125166992071295",
"156289561320420594418610972391375566120"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-42136-0ddb785b"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e809bc112712da8f7e15822674c6562da6cdf24c",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c"
},
"digest": {
"line_hashes": [
"101725929294684902090191809233033982668",
"14378757641491435132180661797633749787",
"82590320730627682872703125166992071295",
"156289561320420594418610972391375566120"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-42136-228a2b86"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@efb905aeb44b0e99c0e6b07865b1885ae0471ebf",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c",
"function": "cdrom_ioctl_timed_media_change"
},
"digest": {
"length": 673.0,
"function_hash": "283722687327681355958302304575922737524"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-42136-3b33ab54"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee21e14c8c329168a0b66bab00ecd18f5d0dee3",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c"
},
"digest": {
"line_hashes": [
"101725929294684902090191809233033982668",
"14378757641491435132180661797633749787",
"82590320730627682872703125166992071295",
"156289561320420594418610972391375566120"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-42136-448370b1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee21e14c8c329168a0b66bab00ecd18f5d0dee3",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c",
"function": "cdrom_ioctl_timed_media_change"
},
"digest": {
"length": 673.0,
"function_hash": "283722687327681355958302304575922737524"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-42136-48bc7fe3"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e809bc112712da8f7e15822674c6562da6cdf24c",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c",
"function": "cdrom_ioctl_timed_media_change"
},
"digest": {
"length": 673.0,
"function_hash": "283722687327681355958302304575922737524"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-42136-6e69a535"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c97527e916054acc4a46ffb02842988acb2e92b",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c",
"function": "cdrom_ioctl_timed_media_change"
},
"digest": {
"length": 673.0,
"function_hash": "283722687327681355958302304575922737524"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-42136-800aade0"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c97527e916054acc4a46ffb02842988acb2e92b",
"signature_version": "v1",
"target": {
"file": "drivers/cdrom/cdrom.c"
},
"digest": {
"line_hashes": [
"101725929294684902090191809233033982668",
"14378757641491435132180661797633749787",
"82590320730627682872703125166992071295",
"156289561320420594418610972391375566120"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-42136-d5310ef1"
}
]