Hide Forgot
Description of problem: [1.] One line summary of the problem: hda-intel crashes the kernel due to a divide by zero in azx_position_ok [2.] Full description of the problem/report: Using mp3blaster-3.2.5 (latest version) to play MP3 audio, the reporter was able to crash the kernel by stopping and restarting playback using the "5" key repeatedly. This happens as a normal user, not only as root. Kernel backtrace points to azx_position_ok() dividing by zero, so he wrote a tiny patch to investigate which reported via printk() values of pos and azx_dev->period_bytes; on crash, both were 0. The offending operation does: if (pos % azx_dev->period_bytes > azx_dev->period_bytes / 2) which obviously is the source of the crash. This happens on linux 2.6.32.7 as well as linux 2.6.33-rc6. Upstream commit: http://git.kernel.org/linus/fed08d036f2aabd8d0c684439de37f8ebec2bbc2 References: http://lkml.org/lkml/2010/2/6/40 http://nctritech.net/bugreport.txt http://lwn.net/Articles/375417/ Requested a CVE name for this.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0394 https://rhn.redhat.com/errata/RHSA-2010-0394.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0398 https://rhn.redhat.com/errata/RHSA-2010-0398.html