PT-2024-33858 · Linux+2 · Linux Kernel+2

Published

2024-10-21

·

Updated

2025-06-09

·

CVE-2024-50018

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns an overflow in napi defer hard irqs within the Linux kernel's net: napi component. This overflow occurred because napi defer hard irqs and napi defer irqs count were defined as signed integers, despite their values never going below zero. To address this, their types were changed to unsigned 32-bit integers (u32), and an overflow check was added to limit the value to S32 MAX in sysfs. This change prevents overflows when attempting to set high values for napi defer hard irqs. For example, attempting to set a value of 2147483649 would result in a write error due to being out of range.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2024-50018
INFSA-2025_6966
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2

Affected Products

Linux Kernel
Red Hat
Suse