Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A divide-by-zero vulnerability has been identified in the 'calc_lcoefs' function of the Linux kernel's block I/O cost model feature. Writing the maximum unsigned 64-bit integer value to the I/O cost model leads to an overflow condition, and when 'calc_lcoefs' then calculates the cost coefficients from the manipulated value, it divides by zero. This vulnerability affects the Linux kernel stable tree.
Exploitation of this vulnerability leads to a division-by-zero error, causing a kernel panic and disrupting system operations.
The vulnerability can be reproduced by echoing a maximum unsigned 64-bit integer value into the I/O cost model cgroup file. This action triggers the 'calc_lcoefs' function, which then attempts to perform calculations that result in a divide-by-zero error.
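The overflow-to-zero step described above can be modelled in user space. This is an added example, not the kernel's code: it assumes the overflow occurs in a round-up division of the written rate by a page size, and the function names and both constants are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for this model (assumptions, not values from the page). */
#define MODEL_PAGE_SIZE    4096ULL       /* bytes per page */
#define MODEL_TIME_PER_SEC (1ULL << 37)  /* cost units per second */

/* Round-up division as (n + d - 1) / d: the addition wraps when n is near UINT64_MAX. */
static uint64_t div_round_up_wrapping(uint64_t n, uint64_t d)
{
    return (n + d - 1) / d;
}

/* Round-up division that cannot wrap: divide first, then account for the remainder. */
static uint64_t div_round_up_safe(uint64_t n, uint64_t d)
{
    return n / d + (n % d != 0);
}

/* Divisor the unguarded calculation would use; 0 here means a divide-by-zero follows. */
static uint64_t unguarded_divisor(uint64_t bytes_per_sec)
{
    return div_round_up_wrapping(bytes_per_sec, MODEL_PAGE_SIZE);
}

/* Hardened per-page cost: no wrap, and the divisor is checked before it is used. */
static uint64_t page_cost_guarded(uint64_t bytes_per_sec)
{
    uint64_t pages_per_sec = div_round_up_safe(bytes_per_sec, MODEL_PAGE_SIZE);

    if (pages_per_sec == 0)   /* only reachable for a rate of 0: no cost configured */
        return 0;
    return div_round_up_safe(MODEL_TIME_PER_SEC, pages_per_sec);
}

int main(void)
{
    uint64_t rates[] = { 4096000ULL, UINT64_MAX - 4095, UINT64_MAX - 4094, UINT64_MAX };

    for (size_t i = 0; i < sizeof(rates) / sizeof(rates[0]); i++)
        printf("rate=%llu unguarded_divisor=%llu guarded_cost=%llu\n",
               (unsigned long long)rates[i],
               (unsigned long long)unguarded_divisor(rates[i]),
               (unsigned long long)page_cost_guarded(rates[i]));
    return 0;
}
```

In this model every rate within one page size of the 64-bit maximum wraps to a zero divisor, so a guard has to cover that whole range and not only the single maximum value.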
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.