CVE-2024-26945

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table(). Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case, even though cpus_per_iaa is never used if nr_iaa == 0, for paranoia.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5a7e89d3315d1be86aff8a8bf849023cda6547f7
https://git.kernel.org/stable/c/a5ca1be7f9817de4e93085778b3ee2219bdc2664

Configurations

No configuration.

History

03 Jul 2024, 01:50

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.4
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: iaa - Corrige el caso nr_cpus < nr_iaa Si nr_cpus < nr_iaa, el cpus_per_iaa calculado será 0, lo que provoca una división por 0 en rebalance_wq_table(). Asegúrese de que cpus_per_iaa sea 1 en ese caso, y también en el caso de nr_iaa == 0, aunque cpus_per_iaa nunca se use si nr_iaa == 0, para paranoia.
CWE		CWE-369

01 May 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-01 06:15

Updated : 2024-07-03 01:50

NVD link : CVE-2024-26945

Mitre link : CVE-2024-26945

CVE.ORG link : CVE-2024-26945

JSON object : View

Products Affected

No product.

CWE

CWE-369

Divide By Zero

8.4 /10