CVE-2024-49933

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/10/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

blk_iocost: fix more out of bound shifts

Recently running UBSAN caught a few out of bound shifts in the
ioc_forgive_debts() function:

UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38
shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long')
...
UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30
shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long')
...
Call Trace:

dump_stack_lvl+0xca/0x130
__ubsan_handle_shift_out_of_bounds+0x22c/0x280
? __lock_acquire+0x6441/0x7c10
ioc_timer_fn+0x6cec/0x7750
? blk_iocost_init+0x720/0x720
? call_timer_fn+0x5d/0x470
call_timer_fn+0xfa/0x470
? blk_iocost_init+0x720/0x720
__run_timer_base+0x519/0x700
...

Actual impact of this issue was not identified but I propose to fix the
undefined behaviour.
The proposed fix to prevent those out of bound shifts consists of
precalculating the exponent before using it in the shift operations by taking
the min value from the actual exponent and the maximum possible number of bits.
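
An added illustration of the clamping approach the description outlines, not code from the kernel patch: the exponent is capped before the shift so a count such as 80 never reaches a 64-bit `>>`. The function names, the cap of 63 and the input values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define U64_BITS 64u

/* A shift count is only defined for a 64-bit operand when it is below 64. */
static int shift_is_defined(uint64_t exponent)
{
    return exponent < U64_BITS;
}

/* Precalculate the exponent once: min(exponent, 63). Assumption: the cap is
 * width - 1, the largest count that is still defined for a 64-bit shift. */
static unsigned int clamp_shift(uint64_t exponent)
{
    return exponent < U64_BITS - 1 ? (unsigned int)exponent : U64_BITS - 1;
}

/* Hypothetical stand-in for a counter halved once per elapsed cycle. */
static uint64_t decay(uint64_t value, uint64_t nr_cycles)
{
    return value >> clamp_shift(nr_cycles);
}

int main(void)
{
    /* Constructed inputs; 80 is the exponent from the UBSAN report. */
    const uint64_t cycles[] = { 3, 63, 64, 80 };
    const uint64_t value = UINT64_C(1) << 40;

    for (size_t i = 0; i < sizeof(cycles) / sizeof(cycles[0]); i++)
        printf("cycles=%llu defined=%d shift=%u result=%llu\n",
               (unsigned long long)cycles[i], shift_is_defined(cycles[i]),
               clamp_shift(cycles[i]),
               (unsigned long long)decay(value, cycles[i]));

    /* Edge case: with the top bit set, a 63-bit shift leaves 1, not 0. */
    printf("max=%llu\n", (unsigned long long)decay(UINT64_MAX, 80));
    return 0;
}
```

Building the unclamped form with `-fsanitize=shift` reproduces the class of report quoted above, which makes the sanitizer a practical regression check for this pattern.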

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.10.227 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.168 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.113 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.55 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.11.3 (excluding) |