Division by zero in Linux kernel



Published: 2024-08-26
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-43889
CWE-ID CWE-369
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Division by zero

EUVDB-ID: #VU96545

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43889

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3
http://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d
http://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f
http://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c
http://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905
http://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###