CVE-2024-38576

Severity CVSS v4.0: Pending analysis
Type: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date: 19/06/2024
Last modified: 01/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

rcu: Fix buffer overflow in print_cpu_stall_info()

The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow.

Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code.

This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
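The size arithmetic behind the fix, as an added example that is not the kernel's code: it measures how many bytes an unbounded sprintf() would need for a given jiffies difference and shows snprintf() truncating instead of writing past the buffer. The 32-byte buffer, the format string and the sample deltas are assumptions constructed for illustration; only the use of %ld and the sprintf() to snprintf() change come from the description.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define STALL_BUF_LEN 32                       /* assumed buffer size */
#define STALL_FMT " rcuc=%ld jiffies(starved)" /* assumed format string */

/* Bytes an unbounded sprintf() would write, including the trailing NUL. */
static size_t stall_bytes_needed(unsigned long delta)
{
	/* Unsigned difference printed as signed, as in the description. */
	int n = snprintf(NULL, 0, STALL_FMT, (long)delta);
	return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded write: returns 1 if the output was truncated, 0 if it fit. */
static int stall_format(char *buf, size_t len, unsigned long delta)
{
	int n = snprintf(buf, len, STALL_FMT, (long)delta);
	return n < 0 || (size_t)n >= len;
}

int main(void)
{
	/* Constructed deltas: a normal stall, the largest that fits,
	 * and a "confused clock" value that fills the whole integer. */
	unsigned long deltas[] = { 2500UL, 99999999UL, ULONG_MAX / 2 + 1 };
	char buf[STALL_BUF_LEN];

	for (size_t i = 0; i < sizeof(deltas) / sizeof(deltas[0]); i++) {
		size_t need = stall_bytes_needed(deltas[i]);
		int cut = stall_format(buf, sizeof(buf), deltas[i]);

		printf("need=%2zu of %d  truncated=%d  \"%s\"\n",
		       need, STALL_BUF_LEN, cut, buf);
	}
	return 0;
}
```

A truncated stall message is a cosmetic loss in a debug print; the same bytes written by sprintf() would land in whatever follows the buffer on the stack.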

Vulnerable products and versions

CPE                                              From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.0 (including)   6.1.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.2 (including)   6.6.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.7 (including)   6.8.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.9 (including)   6.9.3 (excluding)