#VU93751 Division by zero in Linux kernel - CVE-2024-26774

Cybersecurity Help s.r.o.

Published: 2024-07-04

Vulnerability identifier: #VU93751

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26774

CWE-ID: CWE-369

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the mb_update_avg_fragment_size() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4
https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150
https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a
https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3
https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Ubuntu update for linux-raspi

Debian update for linux

SUSE update for the Linux Kernel

Slackware Linux update for kernel

Ubuntu update for linux-ibm-5.15

Ubuntu update for linux-hwe-5.15

Ubuntu update for linux-gkeop

Division by zero in Linux kernel ext4