CVE-2024-49977

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: Fix zero-division error when disabling tc cbs

The commit b8c43360f6e4 ("net: stmmac: No need to calculate speed divider when offload is disabled") allows the "port_transmit_rate_kbps" to be set to a value of 0, which is then passed to the "div_s64" function when tc-cbs is disabled. This leads to a zero-division error.

When tc-cbs is disabled, the idleslope, sendslope, and credit values the credit values are not required to be configured. Therefore, adding a return statement after setting the txQ mode to DCB when tc-cbs is disabled would prevent a zero-division error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb4bca4722fda928810d024350493990de39f1e40 < e33fe25b1efe4f2e6a5858786dbc82ae4c44ed4caffected
LinuxLinux2145583e5995598f50d66f8710c86bb1e910ac46 < b0da9504a528f05f97d926b4db74ff21917a33e9affected
LinuxLinux521d42a1c24d638241220d4b9fa7e7a0ed02b88e < 5d43e1ad4567d67af2b42d3ab7c14152ffed25c6affected
LinuxLinuxa71b686418ee6bcb6d6365f7f6d838d9874d9c64 < 03582f4752427f60817d896f1a827aff772bd31eaffected
LinuxLinuxb8c43360f6e424131fa81d3ba8792ad8ff25a09e < e297a2bf56d12fd7f91a0c209eb6ea84361f3368affected
LinuxLinuxb8c43360f6e424131fa81d3ba8792ad8ff25a09e < 837d9df9c0792902710149d1a5e0991520af0f93affected
LinuxLinuxb8c43360f6e424131fa81d3ba8792ad8ff25a09e < 675faf5a14c14a2be0b870db30a70764df81e2dfaffected
LinuxLinuxf01782804147a8c21f481b3342c83422c041d2c0affected
LinuxLinux5.10.221 < 5.10.227affected
LinuxLinux5.15.162 < 5.15.168affected
LinuxLinux6.1.96 < 6.1.113affected
LinuxLinux6.6.36 < 6.6.55affected
LinuxLinux6.9.7 < 6.10affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References