Description

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of a s64 multiplcation overflow. Specifically, reweight_eevdf() computes the vlag without considering the limit placed upon vlag as update_entity_lag() does, and then the scaling multiplication (remember that weight is 20bit fixed point) can overflow. This then leads to the new vruntime being weird which then causes the above entity_eligible() to go side-ways and claim nothing is eligible. Thus limit the range of vlag accordingly. All this was quite rare, but fatal when it does happen.

INFO

Published Date :

2024-05-20T09:47:52.389Z

Last Modified :

2025-05-04T09:09:51.817Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-35985 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-35985.

URL Resource
https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c cve-icon cve-icon
https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe cve-icon cve-icon
https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052018-CVE-2024-35985-8839@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-35985 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-35985 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact