CVE-2024-43893 in Linuxinfo

Summary

by MITRE • 08/26/2024

In the Linux kernel, the following vulnerability has been resolved:

serial: core: check uartclk for zero to avoid divide by zero

Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set.

Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Rule: add

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 09/29/2025

The vulnerability described in CVE-2024-43893 resides within the Linux kernel's serial communication subsystem, specifically in the serial core driver component. This issue manifests when the ioctl TIOCSSERIAL command is executed with an invalid baud_base parameter, which can result in the uartclk field being set to zero. The root cause lies in the improper validation of the uartclk value before it is utilized in calculations, leading to a divide-by-zero error during the uart_get_divisor() function call. The flaw is particularly concerning as it occurs in a critical kernel path that handles serial port configuration and communication, making it a potential vector for system instability or denial of service attacks. The error trace shows the execution flow leading to the divide error at uart_get_divisor in serial_core.c at line 580, with subsequent calls through the serial8250 driver components indicating the cascading nature of the vulnerability.

The technical implementation of this vulnerability stems from a logical flaw in the uart_set_info() function where the validation check for uartclk being zero is deferred until after other configuration settings have been applied. This design oversight means that even if the initial validation fails, the system continues processing with potentially invalid parameters, creating a state where subsequent ioctl TIOCSSERIAL calls for the same port are compromised. The kernel's serial subsystem relies heavily on proper clock rate calculations for baud rate generation, and when uartclk becomes zero, any attempt to compute divisor values through uart_get_divisor() results in immediate division by zero, triggering a kernel oops and system crash. This vulnerability aligns with CWE-369, which specifically addresses the divide-by-zero error condition, and represents a classic case of improper input validation in kernel space operations.

The operational impact of this vulnerability extends beyond simple system crashes, as it can be exploited to cause denial of service conditions across serial communication channels. Systems relying on serial port functionality for critical operations such as modem connections, embedded device communication, or industrial control systems may experience complete service interruption when this vulnerability is triggered. The attack surface includes any application or process that can issue TIOCSSERIAL ioctls to serial ports, potentially including user-space applications with appropriate permissions or even malicious code exploiting privilege escalation vectors. The vulnerability is particularly dangerous in embedded systems or industrial environments where serial communication is fundamental to system operation and where a simple ioctl call can bring down entire operational chains. According to ATT&CK framework, this vulnerability could be leveraged under technique T1499.004 (Endpoint Denial of Service) as it enables a denial of service condition through kernel-level manipulation.

Mitigation strategies for this vulnerability involve implementing immediate kernel patches that ensure the uartclk validation occurs before any configuration changes are applied, preventing the scenario where zero values propagate through the system. The fix requires moving the zero-check for uartclk to an earlier point in the uart_set_info() function to prevent subsequent operations from using invalid values. System administrators should prioritize applying the relevant kernel updates as soon as they become available, particularly in environments where serial communication is critical and where the attack surface includes untrusted applications or user-space processes. Additionally, monitoring for unusual ioctl TIOCSSERIAL usage patterns and implementing proper input validation in applications that interact with serial ports can provide additional defense-in-depth measures. Organizations should also consider implementing kernel lockdown mechanisms and restricting serial port access to only trusted processes to minimize the potential impact of such vulnerabilities. The vulnerability highlights the importance of careful kernel design and validation of all input parameters, especially in critical system components that handle hardware-level communication protocols.

Responsible

Linux

Reservation

08/17/2024

Disclosure

08/26/2024

Moderation

accepted

CPE

ready

EPSS

0.00255

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!