High severity7.1NVD Advisory· Published May 30, 2024· Updated May 12, 2026
CVE-2024-36916
CVE-2024-36916
Description
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: avoid out of bounds shift
UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures.
[ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace:
dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ...
Avoid that undefined behavior by simply taking the "delay = 0" branch if the shift is too large.
I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's blk-iocost, a shift-out-of-bounds in iocg->delay handling can cause undefined behavior, leading to a potential denial of service.
Vulnerability
Details
In the Linux kernel's block I/O cost controller (blk-iocost), a shift-out-of-bounds error occurs in the iocg_kick_delay function. The shift exponent 64 is too large for a 64-bit variable, causing undefined behavior according to UBSAN reports [1][2]. The root cause is that iocg->delay is shifted right by an excessive number of bits when iocg->delay is 0 and the shift count equals 64 [description].
Exploitation
Scenario
This bug can be triggered by the kernel's timer callback ioc_timer_fn, which runs in IRQ context without requiring any special user privileges. An attacker with local access or the ability to influence I/O patterns may cause the shift condition to occur. The issue manifests as a crash or unpredictable system behavior due to the undefined shift operation [description].
Impact
Successful exploitation leads to a denial of service (system crash or hang) due to undefined behavior in the kernel. The impact is limited to confidentiality, integrity, and availability being affected depending on the system state, but primarily availability is at risk [2].
Mitigation
The fix is to simply take the delay = 0 path when the shift would be too large, as implemented in kernel commits [3][4]. Patched versions of the Linux kernel are available; users should update their kernels. The vulnerability is also addressed in Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem [2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
95- osv-coords94 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 5.14.21-150500.55.73.1+ 93 more
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 6.4.0-150600.23.14.2.150600.12.4.3
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 5.14.21-150500.55.73.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 6.4.0-150600.23.14.2.150600.12.4.3
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.55.73.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.14.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153bnvdPatch
- git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5nvdPatch
- git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1nvdPatch
- git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96dnvdPatch
- git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86nvdPatch
- git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8canvdPatch
- lists.debian.org/debian-lts-announce/2024/06/msg00019.htmlnvdThird Party Advisory
- security.netapp.com/advisory/ntap-20240905-0006/nvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-613116.htmlnvd
News mentions
0No linked articles in our index yet.