CVE-2024-35985

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()<br /> <br /> It was possible to have pick_eevdf() return NULL, which then causes a<br /> NULL-deref. This turned out to be due to entity_eligible() returning<br /> falsely negative because of a s64 multiplcation overflow.<br /> <br /> Specifically, reweight_eevdf() computes the vlag without considering<br /> the limit placed upon vlag as update_entity_lag() does, and then the<br /> scaling multiplication (remember that weight is 20bit fixed point) can<br /> overflow. This then leads to the new vruntime being weird which then<br /> causes the above entity_eligible() to go side-ways and claim nothing<br /> is eligible.<br /> <br /> Thus limit the range of vlag accordingly.<br /> <br /> All this was quite rare, but fatal when it does happen.