Linux Kernel SPI NOR Division by Zero Vulnerability

Vulnerability

A division by zero vulnerability has been identified in the Linux kernel's SPI NOR handling. When there is no dummy cycle in the SPI NOR commands, both the dummy bus cycle bytes and width are zero. This situation triggers a CPU warning for division by zero. The vulnerability has been addressed by modifying the code to return zero instead of performing the division, thereby avoiding the warning.

Impact

Exploitation of this vulnerability could lead to a division by zero error, causing a warning from the CPU. In some cases, such division by zero errors can be exploited to cause a denial of service by crashing the system or application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SPI NOR Division by Zero Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating