CVE-2024-43889: padata: Fix possible divide-by-0 panic in padata_mt_helper()
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padatamthelper()
We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time.
[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x8664 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: eventsunbound padatamthelper [ 10.017908] RIP: 0010:padatamthelper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] [ 10.018004] ? padatamthelper+0x39/0xb0 [ 10.018084] processonework+0x174/0x330 [ 10.018093] workerthread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] retfromfork+0x31/0x50 [ 10.018138] retfromforkasm+0x1a/0x30 [ 10.018147]
Looking at the padatamthelper() function, the only way a divide-by-0 panic can happen is when ps->chunksize is 0. The way that chunksize is initialized in padatadomultithreaded(), chunksize can be 0 when the minchunk in the passed-in padatamtjob structure is 0.
Fix this divide-by-0 panic by making sure that chunksize will be at least 1 no matter what the input parameters are.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padatamthelper()
We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time.
[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x8664 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: eventsunbound padatamthelper [ 10.017908] RIP: 0010:padatamthelper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] <TASK> [ 10.018004] ? padatamthelper+0x39/0xb0 [ 10.018084] processonework+0x174/0x330 [ 10.018093] workerthread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] retfromfork+0x31/0x50 [ 10.018138] retfromforkasm+0x1a/0x30 [ 10.018147] </TASK>
Looking at the padatamthelper() function, the only way a divide-by-0 panic can happen is when ps->chunksize is 0. The way that chunksize is initialized in padatadomultithreaded(), chunksize can be 0 when the minchunk in the passed-in padatamtjob structure is 0.
Fix this divide-by-0 panic by making sure that chunksize will be at least 1 no matter what the input parameters are.
— NVD
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-43889?
CVE-2024-43889 has a severity level that indicates a potential risk of system crashes due to divide-by-0 panic in the Linux kernel.
How do I fix CVE-2024-43889?
To fix CVE-2024-43889, update to the latest stable version of the Linux kernel, specifically versions such as 5.10.226-1 or 6.1.128-1.
What versions of the Linux kernel are affected by CVE-2024-43889?
CVE-2024-43889 affects various versions of the Linux kernel, including versions from 5.8 to 6.10.5.
What is the impact of CVE-2024-43889 on systems?
The impact of CVE-2024-43889 includes the potential for system instability and crashes during bootup due to a divide-by-0 error.
Where can I find more information about CVE-2024-43889?
Detailed information about CVE-2024-43889 can be found on the official Linux kernel repositories and security documentation.