
Sergei Trofimovich

#45823 of 53,635
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-26822
5.5
2024-04-22
Linux · Linux Kernel · CVE-2024-35985
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)

**Description**
The issue is in the sched/eevdf component of the Linux kernel. The function `reweight_eevdf()` computes `vlag` without applying the limit that `update_entity_lag()` places on `vlag`. This can overflow the scaling multiplication and produce an incorrect new `vruntime`, which in turn makes `entity_eligible()` return a false negative. As a result, `pick_eevdf()` may return NULL, causing a NULL dereference. The problem is rare but fatal when it occurs.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.