CVE-2024-47664

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware. Firmware is generally considered as a trusted domain. However, as division by zero errors can cause system failure, for defense measure, the value of max_speed is validated here. So 0 is regarded as invalid and an error code is returned.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*

History

23 Oct 2024, 16:47

Type Values Removed Values Added
CWE CWE-369
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43 - () https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43 - Patch
References () https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c - () https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c - Patch
References () https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc - () https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc - Patch
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: hisi-kunpeng: Agregar verificación para max_frequency proporcionada por el firmware Si el valor de max_speed_hz es 0, puede causar un error de división por cero en hisi_calc_effective_speed(). El valor de max_speed_hz lo proporciona el firmware. El firmware generalmente se considera un dominio confiable. Sin embargo, como los errores de división por cero pueden causar fallas del sistema, como medida de defensa, el valor de max_speed se valida aquí. Entonces, 0 se considera inválido y se devuelve un código de error.

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 15:15

Updated : 2024-10-23 16:47


NVD link : CVE-2024-47664

Mitre link : CVE-2024-47664

CVE.ORG link : CVE-2024-47664


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-369

Divide By Zero