Updated: 2026-02-27 02:44:31.111738
Description:
In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runtime_resume+0xe6/0x130 [ 366.071923] sr_block_ioctl+0x15d/0x1d0 [ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10 [ 366.077642] blkdev_ioctl+0x419/0x500 [ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10 ... Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1743193221 | 2024-10-21 17:30:37 | |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | CVE-2024-42136 affects the cdrom driver’s CDROM_TIMED_MEDIA_CHANGE ioctl path, where arithmetic on... | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2024-09-23 17:23:14 | Not affected: this issue targets the cdrom driver’s newer timed media‑change path (CDROM_TIMED_M... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | Not affected: CVE-2024-42136 targets a signed-overflow in the CD-ROM driver’s CDROM_TIMED_MEDIA_CH... | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | Not affected: CVE-2024-42136 targets a signed-overflow in the CD-ROM driver’s CDROM_TIMED_MEDIA_CH... | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | Not affected: CVE-2024-42136 targets a signed-overflow in the CD-ROM driver’s CDROM_TIMED_MEDIA_CH... | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | Not affected: this issue targets the cdrom driver’s newer timed media‑change path (CDROM_TIMED_M... | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-09-25 12:27:35 | CVE-2024-42136 affects the cdrom driver’s CDROM_TIMED_MEDIA_CHANGE ioctl path, where arithmetic on... | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-05-12 04:24:58 | Not affected: this issue targets the cdrom driver’s newer timed media‑change path (CDROM_TIMED_M... |