CVE-2024-36916

Severity CVSS v4.0: Pending analysis
Type: CWE-125 Out-of-bounds Read
Publication date: 30/05/2024
Last modified: 22/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-iocost: avoid out of bounds shift

UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures.

[ 186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
Call Trace:

dump_stack_lvl+0x8f/0xe0
__ubsan_handle_shift_out_of_bounds+0x22c/0x280
iocg_kick_delay+0x30b/0x310
ioc_timer_fn+0x2fb/0x1f80
__run_timer_base+0x1b6/0x250
...

Avoid that undefined behavior by simply taking the
"delay = 0" branch if the shift is too large.

I am not sure what the symptoms of an undefined value
delay will be, but I suspect it could be more than a
little annoying to debug.
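
An added illustration of the shift guard described above, written as user-space C. It is not the kernel's code: the function names, the once-per-second halving used to derive the shift count, and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define USEC_PER_SEC 1000000ULL
#define U64_BITS     64u

/* Unguarded pattern (hypothetical helper): the delay is halved once per
 * elapsed second. In C, a shift count >= the operand width is undefined
 * behaviour, so this is only valid while fewer than 64 seconds elapsed.
 * The result for larger counts depends on the architecture; x86-64 SHR,
 * for instance, uses only the low 6 bits of the count. */
uint64_t decay_unguarded(uint64_t delay, uint64_t tdelta_usec)
{
    return delay >> (tdelta_usec / USEC_PER_SEC);
}

/* Guarded pattern (hypothetical helper), following the fix described
 * above: when the shift count is too large for a 64-bit value, take the
 * "delay = 0" branch instead of shifting. */
uint64_t decay_guarded(uint64_t delay, uint64_t tdelta_usec)
{
    uint64_t shift = tdelta_usec / USEC_PER_SEC;

    if (delay && shift < U64_BITS)
        return delay >> shift;
    return 0;
}

int main(void)
{
    /* Constructed sample: a delay value of 1000000 observed after
     * 0 s, 3 s, 63 s, 64 s (the exponent UBSAN reported) and 1000 s. */
    const uint64_t delay = 1000000;
    const uint64_t secs[] = { 0, 3, 63, 64, 1000 };

    for (size_t i = 0; i < sizeof(secs) / sizeof(secs[0]); i++)
        printf("after %4llu s: delay = %llu\n",
               (unsigned long long)secs[i],
               (unsigned long long)decay_guarded(delay,
                                                 secs[i] * USEC_PER_SEC));
    return 0;
}
```

The guarded result matches what repeated halving would give mathematically: any 64-bit value halved 64 or more times is zero.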

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10 (including) 5.10.217 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.159 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.91 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.31 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*