CVE-2024-47739
MEDIUMLinux Kernel - Denial of Service via Integer Overflow in padata Serialization
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr, causing them to be placed before existing objects in the reorder list. This leads to a deadlock in the serialization process as padata_find_next cannot match padata->seq_nr and pd->processed because the padata instance with overflowed seq_nr will be selected next. To fix this, we use an unsigned integer wrap around to correctly sort padata objects in scenarios with integer overflow.
References (9)
Core 9
Core References
Scores
CVSS v3
5.5
EPSS
0.0023
EPSS Percentile
13.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (23)
linux/Kernel
5.11.0 - 5.15.168linux
linux/Kernel
5.16.0 - 6.1.113linux
linux/Kernel
5.4.0 - 5.10.227linux
linux/Kernel
6.11.0 - 6.11.2linux
linux/Kernel
6.2.0 - 6.6.54linux
linux/Kernel
6.7.0 - 6.10.13linux
Linux/Linux
< 5.4
Linux/Linux
5.10.227 - 5.10.*
Linux/Linux
5.15.168 - 5.15.*
Linux/Linux
5.4
... and 13 more
Published
Oct 21, 2024
Tracked Since
Feb 18, 2026