In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padatamthelper()
We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time.
[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x8664 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: eventsunbound padatamthelper [ 10.017908] RIP: 0010:padatamthelper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] <TASK> [ 10.018004] ? padatamthelper+0x39/0xb0 [ 10.018084] processonework+0x174/0x330 [ 10.018093] workerthread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] retfromfork+0x31/0x50 [ 10.018138] retfromforkasm+0x1a/0x30 [ 10.018147] </TASK>
Looking at the padatamthelper() function, the only way a divide-by-0 panic can happen is when ps->chunksize is 0. The way that chunksize is initialized in padatadomultithreaded(), chunksize can be 0 when the minchunk in the passed-in padatamtjob structure is 0.
Fix this divide-by-0 panic by making sure that chunk_size will be at least 1 no matter what the input parameters are.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "kernel/padata.c" }, "deprecated": false, "digest": { "line_hashes": [ "23095676605328214514996330995030096702", "261172513930997667620564234026949197861", "151361750716639484990932860007099736170" ], "threshold": 0.9 }, "id": "CVE-2024-43889-0f935c32", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da0ffe84fcc1627a7dff82c80b823b94236af905" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "kernel/padata.c" }, "deprecated": false, "digest": { "line_hashes": [ "23095676605328214514996330995030096702", "150197369373966860911932501846212770024", "309903645019887766383492470572506758228" ], "threshold": 0.9 }, "id": "CVE-2024-43889-2dab411b", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab8b397d5997d8c37610252528edc54bebf9f6d3" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "kernel/padata.c" }, "deprecated": false, "digest": { "line_hashes": [ "23095676605328214514996330995030096702", "150197369373966860911932501846212770024", "309903645019887766383492470572506758228" ], "threshold": 0.9 }, "id": "CVE-2024-43889-345deb47", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "kernel/padata.c", "function": "padata_do_multithreaded" }, "deprecated": false, "digest": { "length": 1039.0, "function_hash": "299196800418949779653650498799816714009" }, "id": "CVE-2024-43889-3c2a3fd8", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8f5ffd2af7274853ff91d6cd62541191d9fbd10d" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "kernel/padata.c", "function": "padata_do_multithreaded" }, "deprecated": false, "digest": { "length": 1039.0, "function_hash": "299196800418949779653650498799816714009" }, "id": "CVE-2024-43889-59c08bca", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "kernel/padata.c", "function": "padata_do_multithreaded" }, "deprecated": false, "digest": { "length": 1348.0, "function_hash": "23859883023445489577404775751158432432" }, "id": "CVE-2024-43889-59ea47ca", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d45e1c948a8b7ed6ceddb14319af69424db730c" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "kernel/padata.c", "function": "padata_do_multithreaded" }, "deprecated": false, "digest": { "length": 1348.0, "function_hash": "23859883023445489577404775751158432432" }, "id": "CVE-2024-43889-7ec3e91f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da0ffe84fcc1627a7dff82c80b823b94236af905" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "kernel/padata.c" }, "deprecated": false, "digest": { "line_hashes": [ "23095676605328214514996330995030096702", "150197369373966860911932501846212770024", "309903645019887766383492470572506758228" ], "threshold": 0.9 }, "id": "CVE-2024-43889-8b7dd369", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@924f788c906dccaca30acab86c7124371e1d6f2c" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "kernel/padata.c", "function": "padata_do_multithreaded" }, "deprecated": false, "digest": { "length": 1039.0, "function_hash": "299196800418949779653650498799816714009" }, "id": "CVE-2024-43889-a2f74066", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab8b397d5997d8c37610252528edc54bebf9f6d3" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "kernel/padata.c", "function": "padata_do_multithreaded" }, "deprecated": false, "digest": { "length": 1069.0, "function_hash": "69753903035047918119905121414870710705" }, "id": "CVE-2024-43889-a56cbb98", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@924f788c906dccaca30acab86c7124371e1d6f2c" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "kernel/padata.c" }, "deprecated": false, "digest": { "line_hashes": [ "23095676605328214514996330995030096702", "150197369373966860911932501846212770024", "309903645019887766383492470572506758228" ], "threshold": 0.9 }, "id": "CVE-2024-43889-b41d7ea1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8f5ffd2af7274853ff91d6cd62541191d9fbd10d" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "kernel/padata.c" }, "deprecated": false, "digest": { "line_hashes": [ "23095676605328214514996330995030096702", "261172513930997667620564234026949197861", "151361750716639484990932860007099736170" ], "threshold": 0.9 }, "id": "CVE-2024-43889-f24fe7fa", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d45e1c948a8b7ed6ceddb14319af69424db730c" } ] }