CVE-2024-35925

MEDIUM

Linux Kernel < 4.19.312 - Divide By Zero

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace.

References (10)

[Patch] https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8

[Patch] https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854

[Patch] https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe

[Patch] https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7

[Patch] https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02

[Patch] https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68

[Patch] https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c

[Patch] https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-369

Status published

Products (9)

debian/debian_linux 10.0

linux/Kernel 4.15.0 - 4.19.312linux

linux/Kernel 4.20.0 - 5.4.274linux

linux/Kernel 5.11.0 - 5.15.155linux

linux/Kernel 5.16.0 - 6.1.86linux

linux/Kernel 5.5.0 - 5.10.215linux

linux/Kernel 6.2.0 - 6.6.27linux

linux/Kernel 6.7.0 - 6.8.6linux

linux/linux_kernel < 4.19.312

Published May 19, 2024

Tracked Since Feb 18, 2026