CVE-2024-49977

Oct. 25, 2024, 8:03 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix zero-division error when disabling tc cbs The commit b8c43360f6e4 ("net: stmmac: No need to calculate speed divider when offload is disabled") allows the "port_transmit_rate_kbps" to be set to a value of 0, which is then passed to the "div_s64" function when tc-cbs is disabled. This leads to a zero-division error. When tc-cbs is disabled, the idleslope, sendslope, and credit values the credit values are not required to be configured. Therefore, adding a return statement after setting the txQ mode to DCB when tc-cbs is disabled would prevent a zero-division error.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-369
Divide By Zero
The product divides a value by zero.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/03582f4752427f60817d896f1a827aff772bd31e
https://git.kernel.org/stable/c/5d43e1ad4567d67af2b42d3ab7c14152ffed25c6
https://git.kernel.org/stable/c/675faf5a14c14a2be0b870db30a70764df81e2df
https://git.kernel.org/stable/c/837d9df9c0792902710149d1a5e0991520af0f93
https://git.kernel.org/stable/c/b0da9504a528f05f97d926b4db74ff21917a33e9
https://git.kernel.org/stable/c/e297a2bf56d12fd7f91a0c209eb6ea84361f3368
https://git.kernel.org/stable/c/e33fe25b1efe4f2e6a5858786dbc82ae4c44ed4c

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-369
2024-10-21
CVE-2024-49977

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Oct. 21, 2024, 6:15 p.m.
Last Modified: Oct. 25, 2024, 8:03 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.