Bug 2307862 (CVE-2024-43889) - CVE-2024-43889 kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()
Summary: CVE-2024-43889 kernel: padata: Fix possible divide-by-0 panic in padata_mt_he...
Keywords:
Status: NEW
Alias: CVE-2024-43889
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2343210
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-08-26 11:20 UTC by OSIDB Bzimport
Modified: 2025-05-13 08:25 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:9635 0 None None None 2024-11-14 09:59:41 UTC
Red Hat Product Errata RHBA-2024:9811 0 None None None 2024-11-18 01:20:42 UTC
Red Hat Product Errata RHSA-2024:8856 0 None None None 2024-11-05 01:10:34 UTC
Red Hat Product Errata RHSA-2024:8870 0 None None None 2024-11-05 00:50:14 UTC
Red Hat Product Errata RHSA-2025:2270 0 None None None 2025-03-05 02:40:28 UTC
Red Hat Product Errata RHSA-2025:6966 0 None None None 2025-05-13 08:25:58 UTC

Description OSIDB Bzimport 2024-08-26 11:20:41 UTC 
In the Linux kernel, the following vulnerability has been resolved:

padata: Fix possible divide-by-0 panic in padata_mt_helper()

We are hit with a not easily reproducible divide-by-0 panic in padata.c at
bootup time.

  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI
  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1
  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021
  [   10.017908] Workqueue: events_unbound padata_mt_helper
  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0
    :
  [   10.017963] Call Trace:
  [   10.017968]  <TASK>
  [   10.018004]  ? padata_mt_helper+0x39/0xb0
  [   10.018084]  process_one_work+0x174/0x330
  [   10.018093]  worker_thread+0x266/0x3a0
  [   10.018111]  kthread+0xcf/0x100
  [   10.018124]  ret_from_fork+0x31/0x50
  [   10.018138]  ret_from_fork_asm+0x1a/0x30
  [   10.018147]  </TASK>

Looking at the padata_mt_helper() function, the only way a divide-by-0
panic can happen is when ps->chunk_size is 0.  The way that chunk_size is
initialized in padata_do_multithreaded(), chunk_size can be 0 when the
min_chunk in the passed-in padata_mt_job structure is 0.

Fix this divide-by-0 panic by making sure that chunk_size will be at least
1 no matter what the input parameters are.
Comment 1 Mauro Matteo Cascella 2024-08-27 10:40:20 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T
Comment 5 errata-xmlrpc 2024-11-05 00:50:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:8870 https://access.redhat.com/errata/RHSA-2024:8870
Comment 6 errata-xmlrpc 2024-11-05 01:10:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:8856 https://access.redhat.com/errata/RHSA-2024:8856
Comment 7 errata-xmlrpc 2025-03-05 02:40:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:2270 https://access.redhat.com/errata/RHSA-2025:2270
Comment 8 errata-xmlrpc 2025-05-13 08:25:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:6966 https://access.redhat.com/errata/RHSA-2025:6966
Note You need to log in before you can comment on or make changes to this bug.