Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-56RV-PWM3-V8Q5

Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()

In the ad9832_write_frequency() function, clk_get_rate() might return 0. This can lead to a division by zero when calling ad9832_calc_freqreg(). The check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect against the case when fout is 0. The ad9832_write_frequency() function is called from ad9832_write(), and fout is derived from a text buffer, which can contain any value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-09T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout \u003e (clk_get_rate(st-\u003emclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.",
  "id": "GHSA-56rv-pwm3-v8q5",
  "modified": "2025-11-04T00:31:59Z",
  "published": "2024-11-09T12:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50233"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f39548f45693d86e950647012a214da6917dc9f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/442f786c5bff8cfd756ebdeaa4aadbf05c22aa5a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bd301819f8f69331a55ae2336c8b111fc933f3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/adfbc08b94e7df08b9ed5fa26b969cc1b54c84ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccbc10647aafe2b7506edb4b10e19c6c2416c162"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd9e1cf619c945f320e686dcaf13e37ef0b05fdd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fcd6b59f7a774558e2525251c68aa37aff748e55"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-56W7-9RQR-P4FC

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2025-03-04 21:30
VLAI
Details

ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.",
  "id": "GHSA-56w7-9rqr-p4fc",
  "modified": "2025-03-04T21:30:51Z",
  "published": "2022-05-24T16:49:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13454"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/1ddcf2e4f28029a888cadef2e757509ef5047ad8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/blob/7.0.1-0/MagickCore/layer.c#L1618"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4192-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4712"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109099"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5C57-665R-M369

Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2023-01-21 03:30
VLAI
Details

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.",
  "id": "GHSA-5c57-665r-m369",
  "modified": "2023-01-21T03:30:28Z",
  "published": "2022-07-01T00:01:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2058"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/428"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220826-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5FCC-X4F9-FJXV

Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2022-05-14 01:18
VLAI
Details

An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-09T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.",
  "id": "GHSA-5fcc-x4f9-fjxv",
  "modified": "2022-05-14T01:18:25Z",
  "published": "2022-05-14T01:18:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18195"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5FCX-MJHH-4QW9

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: Prevent division by zero

The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T14:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-5fcx-mjhh-4qw9",
  "modified": "2025-11-05T15:31:01Z",
  "published": "2025-05-01T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37768"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cdd02cb70682d7d205ca6dc02a4d1eb76758d24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5fc4fb54f6f064c25bfbbfd443aa861d3422dd4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c246a05df51c52fe0852ce56ba10c41e6ed1f39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e9c4f8d197d5709c75effa5d58e80b4fa01981a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e4f1e21fe7b93a8ef57db433071266c2590e260"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0742a709be7979c7a480772046a1f36d09dab00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be0fffc4152aac4f0291ed2d793f3cfee788449d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5J7X-34CH-2FXF

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that same crash from happening in the udlfb driver as it uses pixclock directly when dividing, which will crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO\n\nMuch like commit 19f953e74356 (\"fbdev: fb_pm2fb: Avoid potential divide\nby zero error\"), we also need to prevent that same crash from happening\nin the udlfb driver as it uses pixclock directly when dividing, which\nwill crash.",
  "id": "GHSA-5j7x-34ch-2fxf",
  "modified": "2026-06-01T18:31:27Z",
  "published": "2026-04-24T15:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31605"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03797cdee38ef19c87785622d423aabaafb71c5f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6de048d78f3029744778b7a2891745f3ca7c209a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/828ce54b27de93bd9c67991bca5a2c76c76742de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9981de9fb5ae0d3d6bc5ff5ca63350c2a3cdc564"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a31e4518bec70333a0a98f2946a12b53b45fe5b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afaaaa38579f1252bb42b145f6e88a955c4f73f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cccbf9b7fdab48ce4feb69c24f7f928aa8e4e8b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cce24f70090e0decb597b88bc52e8ef8efed6105"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd50ab7dd4ee5bbb4aebffa76ae18484b03a8ea5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5PRH-234X-FRC5

Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2023-01-21 03:30
VLAI
Details

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.",
  "id": "GHSA-5prh-234x-frc5",
  "modified": "2023-01-21T03:30:28Z",
  "published": "2022-07-01T00:01:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2057"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/427"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220826-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5R4R-9FGH-PW53

Vulnerability from github – Published: 2025-05-24 03:30 – Updated: 2025-05-27 18:04
VLAI
Summary
memory_pages division by zero
Details

In the memory_pages crate 0.1.0 for Rust, division by zero can occur.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "memory_pages"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-27T18:04:27Z",
    "nvd_published_at": "2025-05-24T03:15:24Z",
    "severity": "LOW"
  },
  "details": "In the memory_pages crate 0.1.0 for Rust, division by zero can occur.",
  "id": "GHSA-5r4r-9fgh-pw53",
  "modified": "2025-05-27T18:04:27Z",
  "published": "2025-05-24T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48754"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FractalFir/memory_pages/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://crates.io/crates/memory_pages"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FractalFir/memory_pages"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "memory_pages division by zero"
}

GHSA-5V8X-87GJ-GVXW

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-04T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.",
  "id": "GHSA-5v8x-87gj-gvxw",
  "modified": "2022-05-13T01:14:22Z",
  "published": "2022-05-13T01:14:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8667"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/14/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/15/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93567"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W2F-HR95-2H6J

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-26 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nexthop: Fix division by zero while replacing a resilient group

The resilient nexthop group torture tests in fib_nexthop.sh exposed a possible division by zero while replacing a resilient group [1]. The division by zero occurs when the data path sees a resilient nexthop group with zero buckets.

The tests replace a resilient nexthop group in a loop while traffic is forwarded through it. The tests do not specify the number of buckets while performing the replacement, resulting in the kernel allocating a stub resilient table (i.e, 'struct nh_res_table') with zero buckets.

This table should never be visible to the data path, but the old nexthop group (i.e., 'oldg') might still be used by the data path when the stub table is assigned to it.

Fix this by only assigning the stub table to the old nexthop group after making sure the group is no longer used by the data path.

Tested with fib_nexthops.sh:

Tests passed: 222 Tests failed: 0

[1] divide error: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 1850 Comm: ping Not tainted 5.14.0-custom-10271-ga86eb53057fe #1107 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:nexthop_select_path+0x2d2/0x1a80 [...] Call Trace: fib_select_multipath+0x79b/0x1530 fib_select_path+0x8fb/0x1c10 ip_route_output_key_hash_rcu+0x1198/0x2da0 ip_route_output_key_hash+0x190/0x340 ip_route_output_flow+0x21/0x120 raw_sendmsg+0x91d/0x2e10 inet_sendmsg+0x9e/0xe0 __sys_sendto+0x23d/0x360 __x64_sys_sendto+0xe1/0x1b0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnexthop: Fix division by zero while replacing a resilient group\n\nThe resilient nexthop group torture tests in fib_nexthop.sh exposed a\npossible division by zero while replacing a resilient group [1]. The\ndivision by zero occurs when the data path sees a resilient nexthop\ngroup with zero buckets.\n\nThe tests replace a resilient nexthop group in a loop while traffic is\nforwarded through it. The tests do not specify the number of buckets\nwhile performing the replacement, resulting in the kernel allocating a\nstub resilient table (i.e, \u0027struct nh_res_table\u0027) with zero buckets.\n\nThis table should never be visible to the data path, but the old nexthop\ngroup (i.e., \u0027oldg\u0027) might still be used by the data path when the stub\ntable is assigned to it.\n\nFix this by only assigning the stub table to the old nexthop group after\nmaking sure the group is no longer used by the data path.\n\nTested with fib_nexthops.sh:\n\nTests passed: 222\nTests failed:   0\n\n[1]\n divide error: 0000 [#1] PREEMPT SMP KASAN\n CPU: 0 PID: 1850 Comm: ping Not tainted 5.14.0-custom-10271-ga86eb53057fe #1107\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014\n RIP: 0010:nexthop_select_path+0x2d2/0x1a80\n[...]\n Call Trace:\n  fib_select_multipath+0x79b/0x1530\n  fib_select_path+0x8fb/0x1c10\n  ip_route_output_key_hash_rcu+0x1198/0x2da0\n  ip_route_output_key_hash+0x190/0x340\n  ip_route_output_flow+0x21/0x120\n  raw_sendmsg+0x91d/0x2e10\n  inet_sendmsg+0x9e/0xe0\n  __sys_sendto+0x23d/0x360\n  __x64_sys_sendto+0xe1/0x1b0\n  do_syscall_64+0x35/0x80\n  entry_SYSCALL_64_after_hwframe+0x44/0xae",
  "id": "GHSA-5w2f-hr95-2h6j",
  "modified": "2024-12-26T18:30:33Z",
  "published": "2024-05-21T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47363"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/563f23b002534176f49524b5ca0e1d94d8906c40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e9d32ec26e7f01d1af13bdc687f586362546aa25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.