How severe is CVE-2024-42131?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-42131?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2024-42131

MEDIUM Year: 2024

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-190

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB.

CVE-2016-6888

MEDIUM

CVSS:4.4(Medium)

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maxi...

CWE-1902016

CVE-2016-9104

MEDIUM

CVSS:4.4(Medium)

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (...

CWE-1902016

CVE-2017-14051

MEDIUM

CVSS:4.4(Medium)

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corrup...

CWE-1902017

CVE-2020-0545

MEDIUM

CVSS:4.4(Medium)

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before ...

CWE-1902020

CVE-2020-10724

MEDIUM

CVSS:4.4(Medium)

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bo...

CWE-1902020

CVE-2020-10726

MEDIUM

CVSS:4.4(Medium)

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resour...

CWE-1902020

CVE-2024-42131

Vulnerability Description

Related Vulnerabilities

CVE-2016-6888

CVE-2016-9104

CVE-2017-14051

CVE-2020-0545

CVE-2020-10724

CVE-2020-10726