Lucene search

LinuxCVE-2024-43889

HistoryAug 26, 2024 - 11:15 a.m.

CVE-2024-43889

2024-08-2611:15:03

CWE-369

Linux

web.nvd.nist.gov

linux kernel

divide-by-0

padata_mt_helper function

fix

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

padata: Fix possible divide-by-0 panic in padata_mt_helper()

We are hit with a not easily reproducible divide-by-0 panic in padata.c at
bootup time.

[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI
[ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1
[ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021
[ 10.017908] Workqueue: events_unbound padata_mt_helper
[ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0
:
[ 10.017963] Call Trace:
[ 10.017968] <TASK>
[ 10.018004] ? padata_mt_helper+0x39/0xb0
[ 10.018084] process_one_work+0x174/0x330
[ 10.018093] worker_thread+0x266/0x3a0
[ 10.018111] kthread+0xcf/0x100
[ 10.018124] ret_from_fork+0x31/0x50
[ 10.018138] ret_from_fork_asm+0x1a/0x30
[ 10.018147] </TASK>

Looking at the padata_mt_helper() function, the only way a divide-by-0
panic can happen is when ps->chunk_size is 0. The way that chunk_size is
initialized in padata_do_multithreaded(), chunk_size can be 0 when the
min_chunk in the passed-in padata_mt_job structure is 0.

Fix this divide-by-0 panic by making sure that chunk_size will be at least
1 no matter what the input parameters are.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange5.8–5.10.224

linuxlinux_kernelRange5.11–5.15.165

linuxlinux_kernelRange5.16–6.1.105

linuxlinux_kernelRange6.2–6.6.46

linuxlinux_kernelRange6.7–6.10.5

linuxlinux_kernelMatch6.11rc1

linuxlinux_kernelMatch6.11rc2

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel6.11cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
linuxlinux_kernel6.11cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	6.11	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
linux	linux_kernel	6.11	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/padata.c"
    ],
    "versions": [
      {
        "version": "004ed42638f4",
        "lessThan": "ab8b397d5997",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "004ed42638f4",
        "lessThan": "8f5ffd2af727",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "004ed42638f4",
        "lessThan": "a29cfcb848c3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "004ed42638f4",
        "lessThan": "924f788c906d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "004ed42638f4",
        "lessThan": "da0ffe84fcc1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "004ed42638f4",
        "lessThan": "6d45e1c948a8",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/padata.c"
    ],
    "versions": [
      {
        "version": "5.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.224",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.165",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.105",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.46",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.5",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]