A divide-by-zero issue was found in the Samsung Exynos4210 multi-core timer emulation of QEMU, available through arm/aarch64 targets. Specifically, function exynos4210_ltick_cnt_get_cnto() in hw/timer/exynos4210_mct.c does not properly validate the local timer's TCNTB field while using its value in a modulo operation 'remain % s->tcntb'. A guest user may be able to exploit this issue to crash the QEMU process on the host, resulting in a denial of service.
Acknowledgments: Name: Gaoning Pan (Zhejiang University)
Created qemu tracking bugs for this issue:

Affects: epel-7 [bug 1906529]
Affects: fedora-all [bug 1906528]
Statement: This issue does not affect the versions of `qemu-kvm` as shipped with Red Hat products, as they do not include support for the Exynos4210 platform emulation. Additionally, Red Hat Product Security does not consider this bug to be a security vulnerability because it only affects the non-virtualization use case. For further information, please refer to the QEMU Security page: https://www.qemu.org/docs/master/system/security.html.
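
The unchecked modulo described in the report, next to a checked form, as an added example in C. It is a simplified model written for this page, not QEMU's code or the upstream fix. Only `tcntb` and the `remain % tcntb` expression come from the report; the struct, the function names and the choice to report 0 for a zero TCNTB are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one local timer (hypothetical layout). */
typedef struct {
    uint32_t tcntb;   /* guest-programmable tick count buffer */
    uint64_t remain;  /* remaining ticks, a model input here */
} LocalTimerModel;

/* Guest register write: the value is fully guest-controlled, 0 included. */
static void model_write_tcntb(LocalTimerModel *s, uint32_t value)
{
    s->tcntb = value;
}

/* Unchecked pattern from the report. With tcntb == 0 this is undefined
 * behaviour in C; on x86 hosts the divide instruction traps and the
 * process receives SIGFPE, which ends the whole emulator. */
static uint64_t model_get_cnto_unchecked(const LocalTimerModel *s)
{
    return s->remain % s->tcntb;
}

/* Checked pattern: validate the divisor where it is used, so every path
 * that can set tcntb is covered. Reporting 0 is this example's choice. */
static bool model_get_cnto_checked(const LocalTimerModel *s, uint64_t *out)
{
    if (s->tcntb == 0) {
        *out = 0;
        return false;  /* caller can log a guest error and carry on */
    }
    *out = s->remain % s->tcntb;
    return true;
}

int main(void)
{
    LocalTimerModel t = { .tcntb = 0, .remain = 1000 };
    uint64_t cnto;

    model_write_tcntb(&t, 300);
    printf("unchecked, tcntb=300: %llu\n",
           (unsigned long long)model_get_cnto_unchecked(&t));

    model_write_tcntb(&t, 0);  /* constructed guest write of zero */
    bool ok = model_get_cnto_checked(&t, &cnto);
    printf("checked, tcntb=0: ok=%d cnto=%llu\n", ok, (unsigned long long)cnto);
    return 0;
}
```

Checking at the point of use rather than only in the register write handler also covers state that arrives by other routes, such as device reset or a restored snapshot.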