
Rik Van Riel

#39140 of 53,633
7.1 Total CVSS
Vulnerabilities · 1
PT-2024-9008
7.1
2024-04-05
Linux · Linux Kernel · CVE-2024-36916
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37

Description: The issue is in the blk-iocost component of the Linux kernel, where `iocg->delay` is sometimes shifted right by a number that is too large, resulting in undefined behavior on some architectures. This manifests as a shift-out-of-bounds error reported by UBSAN, at line 1366 of `block/blk-iocost.c`. The symptoms of an undefined `delay` value are not clearly specified, but it is suspected to be annoying to debug.

Recommendations: To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider taking the "delay = 0" branch if the shift is too large, to avoid the undefined behavior.