CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum()
In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum()
The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero.
Found by Linux Verification Center (linuxtesting.org) with Svace.
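A user-space C model of the condition described above, added here as an illustration and not taken from the kernel source. The struct, the function names and the 32-bit counter width are assumptions; the check shown is one way to reject a wrapped sample count before it is used as a divisor.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a sample accumulator. Field names follow the
 * advisory text; the 32-bit width of nr_samples is an assumption. */
struct rq_stat_model {
    uint64_t mean;        /* running mean of the merged samples */
    uint64_t batch;       /* sum of samples not yet merged */
    uint32_t nr_samples;  /* sample count, wraps modulo 2^32 */
};

/* Divisor an unchecked merge would use: wraps silently, possibly to 0. */
uint32_t unchecked_divisor(uint32_t dst_n, uint32_t src_n)
{
    return dst_n + src_n;
}

/* Merge src into dst. Returns false and leaves dst untouched when the
 * combined count is not larger than dst's own count. That single test
 * covers an empty src and any wrapped sum, including a wrap to zero. */
bool stat_sum_checked(struct rq_stat_model *dst, const struct rq_stat_model *src)
{
    uint32_t total = dst->nr_samples + src->nr_samples; /* may wrap */

    if (total <= dst->nr_samples)
        return false;

    dst->mean = (src->batch + dst->mean * dst->nr_samples) / total;
    dst->nr_samples = total;
    return true;
}

int main(void)
{
    /* Constructed sample values, not taken from a real system. */
    struct rq_stat_model full = { .mean = 7, .batch = 0, .nr_samples = UINT32_MAX };
    struct rq_stat_model one  = { .mean = 0, .batch = 3, .nr_samples = 1 };

    printf("unchecked divisor: %u\n", unchecked_divisor(full.nr_samples, one.nr_samples));
    printf("checked merge accepted: %d\n", stat_sum_checked(&full, &one));
    printf("dst after rejected merge: mean=%llu nr_samples=%u\n",
           (unsigned long long)full.mean, full.nr_samples);
    return 0;
}
```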
Other sources
In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum()
The Linux kernel CVE team has assigned CVE-2024-35925 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051914-CVE-2024-35925-fa17@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-35925?
CVE-2024-35925 has not been assigned a severity rating. It is a division-by-zero vulnerability in the Linux kernel.
How do I fix CVE-2024-35925?
To fix CVE-2024-35925, upgrade your Linux kernel to version 4.19.312, 5.4.274, 5.10.215, 5.15.155, 6.1.86, 6.6.27, 6.8.6, or 6.9, or to a later release.
Which versions of the Linux kernel are affected by CVE-2024-35925?
CVE-2024-35925 affects Linux kernel versions below 4.19.312, 5.4.274, 5.10.215, 5.15.155, 6.1.86, and 6.6.27.
Is CVE-2024-35925 specific to any Linux distributions?
CVE-2024-35925 is found in the Linux kernel and affects multiple distributions, including those based on Red Hat and Debian.
Can CVE-2024-35925 cause system crashes?
CVE-2024-35925 could potentially lead to unexpected behavior, including system crashes, due to the division by zero vulnerability.