Unrated severityNVD Advisory· Published Jul 30, 2024· Updated Nov 3, 2025

cdrom: rearrange last_media_change check to avoid unintentional overflow

CVE-2024-42136

Description

In the Linux kernel, the following vulnerability has been resolved:

When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat:

[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runtime_resume+0xe6/0x130 [ 366.071923] sr_block_ioctl+0x15d/0x1d0 [ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10 [ 366.077642] blkdev_ioctl+0x419/0x500 [ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10 ...

Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with -fwrapv but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer").

Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer.

Affected products

osv-coords49 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_2&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_2&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.4.0-150600.23.22.1+ 48 more
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1.150600.12.8.3
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.10.8.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 6.4.0-150600.23.22.1.150600.12.8.3
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-19.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-19.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-150600.1.3.2
- (no CPE)range: < 1-150600.13.3.3
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 6.4.0-10.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-19.1
- (no CPE)range: < 6.4.0-10.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-150600.10.8.1
- (no CPE)range: < 6.4.0-150600.23.22.1
Linux/Linuxcpe-rescue
Range: 5.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000