In the Linux kernel, the following vulnerability has been resolved:
serial: core: check uartclk for zero to avoid divide by zero
Calling ioctl TIOCSSERIAL with an invalid baudbase can result in uartclk being zero, which will result in a divide by zero error in uartgetdivisor(). The check for uartclk being zero in uartset_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set.
Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uartgetdivisor (drivers/tty/serial/serialcore.c:580) Call Trace: <TASK> serial8250getdivisor (drivers/tty/serial/8250/8250port.c:2576 drivers/tty/serial/8250/8250port.c:2589) serial8250dosettermios (drivers/tty/serial/8250/8250port.c:502 drivers/tty/serial/8250/8250port.c:2741) serial8250settermios (drivers/tty/serial/8250/8250port.c:2862) uartchangelinesettings (./include/linux/spinlock.h:376 ./include/linux/serialcore.h:608 drivers/tty/serial/serialcore.c:222) uartportstartup (drivers/tty/serial/serialcore.c:342) uartstartup (drivers/tty/serial/serialcore.c:368) uartsetinfo (drivers/tty/serial/serialcore.c:1034) uartsetinfouser (drivers/tty/serial/serialcore.c:1059) ttysetserial (drivers/tty/ttyio.c:2637) ttyioctl (drivers/tty/ttyio.c:2647 drivers/tty/ttyio.c:2791) _x64sysioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) dosyscall64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entrySYSCALL64afterhwframe (arch/x86/entry/entry64.S:130)
Rule: add
{ "vanir_signatures": [ { "id": "CVE-2024-43893-03ecdcf3", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@55b2a5d331a6ceb1c4372945fdb77181265ba24f" }, { "id": "CVE-2024-43893-047bbf65", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3ad503876283ac3fcca922a1bf243ef9eb0b0e2" }, { "id": "CVE-2024-43893-260214a4", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3731.0, "function_hash": "39595924832578793854731767321255325393" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9196e42a3b8eeff1707e6ef769112b4b6096be49" }, { "id": "CVE-2024-43893-45cb613c", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3712.0, "function_hash": "297508545500388265032120948490047047712" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba" }, { "id": "CVE-2024-43893-46c1a2c2", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68dc02f319b9ee54dc23caba742a5c754d1cccc8" }, { "id": "CVE-2024-43893-6c93719b", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3734.0, "function_hash": "14117566586327489135475169231794684142" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68dc02f319b9ee54dc23caba742a5c754d1cccc8" }, { "id": "CVE-2024-43893-85a920da", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3734.0, "function_hash": "14117566586327489135475169231794684142" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3ad503876283ac3fcca922a1bf243ef9eb0b0e2" }, { "id": "CVE-2024-43893-87d59c24", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba" }, { "id": "CVE-2024-43893-ae1cbb68", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3799.0, "function_hash": "72672761410856805747680448514593479591" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52b138f1021113e593ee6ad258ce08fe90693a9e" }, { "id": "CVE-2024-43893-c734e3cb", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3731.0, "function_hash": "39595924832578793854731767321255325393" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e13ba3fe5ee070f8a9dab60029d52b1f61da5051" }, { "id": "CVE-2024-43893-ca2d5ef7", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9196e42a3b8eeff1707e6ef769112b4b6096be49" }, { "id": "CVE-2024-43893-caf4a076", "signature_type": "Function", "target": { "file": "drivers/tty/serial/serial_core.c", "function": "uart_set_info" }, "deprecated": false, "digest": { "length": 3799.0, "function_hash": "72672761410856805747680448514593479591" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@55b2a5d331a6ceb1c4372945fdb77181265ba24f" }, { "id": "CVE-2024-43893-d33c0f65", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e13ba3fe5ee070f8a9dab60029d52b1f61da5051" }, { "id": "CVE-2024-43893-ecc911a2", "signature_type": "Line", "target": { "file": "drivers/tty/serial/serial_core.c" }, "deprecated": false, "digest": { "line_hashes": [ "187879668662584549874667749843565215559", "94122458986753443673493804674378038766", "128611323036854628315857080486051010157" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52b138f1021113e593ee6ad258ce08fe90693a9e" } ] }