CVE-2024-35985

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the sched/eevdf component in the Linux kernel, where the function reweight eevdf() computes the vlag without considering the limit placed upon vlag as update entity lag() does. This can lead to a scaling multiplication overflow, causing the new vruntime to be incorrect, which in turn leads to entity eligible() returning falsely negative. As a result, pick eevdf() may return NULL, causing a NULL-deref. The problem is rare but fatal when it occurs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.