CVE-2024-58017

MEDIUM5.5

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

Published Feb 27, 2025

Modified 2 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior.

This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer.

References

WEBhttps://git.kernel.org/stable/c/3d6f83df8ff2d5de84b50377e4f0d45e25311c7a WEBhttps://git.kernel.org/stable/c/404e5fd918a0b14abec06c7eca128f04c9b98e41 WEBhttps://git.kernel.org/stable/c/4a2c4e7265b8eed83c25d86d702cea06493cab18 WEBhttps://git.kernel.org/stable/c/4acf6bab775dbd22a9a799030a808a7305e01d63 WEBhttps://git.kernel.org/stable/c/54c14022fa2ba427dc543455c2cf9225903a7174 WEBhttps://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598 WEBhttps://git.kernel.org/stable/c/bb8ff054e19fe27f4e5eaac1b05e462894cfe9b1 WEBhttps://git.kernel.org/stable/c/dfb7b179741ee09506dc7719d92f9e1cea01f10e WEBhttps://lists.debian.org/debian-lts-announce/2025/03/msg00028.html WEBhttps://lists.debian.org/debian-lts-announce/2025/05/msg00030.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-58017

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedFeb 27, 2025

ModifiedNov 3, 2025