CVE-2024-50270
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50270
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50270.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50270
- Downstream
- Related
- Published
- 2024-11-19T01:30:08Z
- Modified
- 2025-10-17T16:37:18.463998Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- mm/damon/core: avoid overflow in damon_feed_loop_next_input()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: avoid overflow in damonfeedloopnextinput()
damonfeedloopnextinput() is inefficient and fragile to overflows. Specifically, 'scoregoaldiff_bp' calculation can overflow when 'score' is high. The calculation is actually unnecessary at all because 'goal' is a constant of value 10,000. Calculation of 'compensation' is again fragile to overflow. Final calculation of return value for under-achiving case is again fragile to overflow when the current score is under-achieving the target.
Add two corner cases handling at the beginning of the function to make the body easier to read, and rewrite the body of the function to avoid overflows and the unnecessary bp value calcuation.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9294a037c01564786abb15436529fae3863268a2Fixed2d339a1f0f16ff5dea58e612ff336f0be0d041e9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9294a037c01564786abb15436529fae3863268a2Fixed4401e9d10ab0281a520b9f8c220f30f60b5c248f