CVE-2024-43889 in Linuxinfo

Summary

by MITRE • 08/26/2024

In the Linux kernel, the following vulnerability has been resolved:

padata: Fix possible divide-by-0 panic in padata_mt_helper()

We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time.

[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI
[ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1
[ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021
[ 10.017908] Workqueue: events_unbound padata_mt_helper
[ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0
: [ 10.017963] Call Trace:
[ 10.017968]
[ 10.018004] ? padata_mt_helper+0x39/0xb0
[ 10.018084] process_one_work+0x174/0x330
[ 10.018093] worker_thread+0x266/0x3a0
[ 10.018111] kthread+0xcf/0x100
[ 10.018124] ret_from_fork+0x31/0x50
[ 10.018138] ret_from_fork_asm+0x1a/0x30
[ 10.018147]

Looking at the padata_mt_helper() function, the only way a divide-by-0 panic can happen is when ps->chunk_size is 0. The way that chunk_size is initialized in padata_do_multithreaded(), chunk_size can be 0 when the min_chunk in the passed-in padata_mt_job structure is 0.

Fix this divide-by-0 panic by making sure that chunk_size will be at least 1 no matter what the input parameters are.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 09/29/2025

The vulnerability CVE-2024-43889 represents a critical divide-by-zero panic condition within the Linux kernel's padata subsystem, specifically affecting the padata_mt_helper() function during system boot processes. This issue manifests as a kernel oops event that terminates system stability and can prevent successful boot completion. The problem occurs in the context of parallel data processing where the kernel attempts to perform arithmetic operations on uninitialized or improperly validated parameters, creating a scenario where division by zero becomes mathematically impossible and systemically catastrophic.

The technical flaw resides in the improper validation of input parameters within the padata_multithreaded processing framework. The function padata_mt_helper() performs division operations using ps->chunk_size as a divisor, but this value can become zero when the min_chunk parameter in the padata_mt_job structure is set to zero during initialization. This condition typically occurs during boot sequences when kernel subsystems are being configured and initialized, particularly in workqueue contexts such as events_unbound padata_mt_helper. The call trace demonstrates execution flow through kernel worker threads, indicating this vulnerability affects kernel-level parallel processing mechanisms rather than user-space applications.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise entire system availability and reliability. When triggered during bootup, the divide-by-zero panic causes immediate kernel oops and system termination, preventing proper system initialization and rendering affected systems unusable until the kernel is patched. This vulnerability affects systems using the Linux kernel version 6.10.0-15.el10.x86_64 and potentially other versions where similar parameter validation flaws exist in the padata subsystem. The intermittent nature of reproduction makes this vulnerability particularly dangerous as it may not be consistently detected during testing phases but can manifest under specific hardware or load conditions.

The mitigation strategy involves implementing robust parameter validation within the padata subsystem to ensure that chunk_size values are never zero during arithmetic operations. The fix requires modifying the padata_do_multithreaded() initialization logic to guarantee that chunk_size will always be at least 1 regardless of input parameters. This approach aligns with common security practices for preventing arithmetic errors and follows established patterns for kernel-level input validation. The solution addresses the root cause by enforcing minimum value constraints rather than attempting to handle zero values through exception handling, which better aligns with kernel security principles and reduces the attack surface for similar arithmetic-based vulnerabilities.

This vulnerability demonstrates characteristics consistent with CWE-369: Divide by Zero and CWE-391: Unhandled Exception, representing fundamental flaws in input validation and error handling within kernel subsystems. The issue also correlates with ATT&CK technique T1499.001: Endpoint Denial of Service - Network Denial of Service, as it creates a condition where system availability is compromised through kernel-level arithmetic errors. The padata subsystem's role in parallel processing makes this vulnerability particularly concerning for systems requiring high availability and parallel computation capabilities, as it can affect core kernel functionality essential for system operation and resource management.

Responsible

Linux

Reservation

08/17/2024

Disclosure

08/26/2024

Moderation

accepted

CPE

ready

EPSS

0.00237

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!