Armis Vulnerability Intelligence Database

Description Preview

In the Linux kernel, specifically in the spi-hisi-kunpeng driver, a vulnerability has been identified where the max_speed_hz value provided by the firmware is not properly validated. If the value of max_speed_hz is set to 0, it can trigger a division by zero error in the hisi_calc_effective_speed() function. This vulnerability could potentially lead to system failure. To mitigate this issue, proper validation for the max_frequency value provided by the firmware has been added to prevent the occurrence of division by zero errors.

Overview

The vulnerability affects the Linux kernel's spi-hisi-kunpeng driver, potentially leading to a division by zero error if the max_speed_hz value is set to 0. The issue arises due to lack of verification for the max_frequency provided by the firmware.

Remediation

To remediate this vulnerability, users are advised to update their Linux kernel to versions that include the fix for the spi-hisi-kunpeng driver. The affected versions are:

c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c (less than 16ccaf581da4fcf1e4d66086cf37263f9a656d43)
c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c (less than ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc)
c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c (less than 5127c42c77de18651aa9e8e0a3ced190103b449c) Additionally, users should ensure that the max_speed_hz value provided by the firmware is properly validated to prevent division by zero errors.

References

Git commit for fixing the vulnerability: https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43
Git commit for fixing the vulnerability: https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc
Git commit for fixing the vulnerability: https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Manufacturing
Manufacturing
Health Care & Social Assistance
Health Care & Social Assistance
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Finance and Insurance
Finance and Insurance
Management of Companies & Enterprises
Management of Companies & Enterprises
Educational Services
Educational Services
Information
Information
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Other Services (except Public Administration)
Other Services (except Public Administration)
Retail Trade
Retail Trade
Transportation & Warehousing
Transportation & Warehousing
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Mining
Mining
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Utilities
Utilities
Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Construction
Construction
Wholesale Trade
Wholesale Trade

^{CVE-2024-47664:}CVE-2024-47664 is a vulnerability in the Linux kernel's spi-hisi-kunpeng driver that could lead to a division by zero error due to lack of verification for the max_frequency provided by the firmware.

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!