Linux Kernel dm-integrity Divide-By-Zero Vulnerability in Inline Mode

Vulnerability

A vulnerability in the Linux kernel's dm-integrity module can lead to a divide-by-zero error in table status when operating in Inline mode. In this mode, the journal is not used, and the journal_sectors variable is zero. The issue arises when calculating the journal watermark, which requires dividing by journal_sectors. This calculation should only be performed if the journal is configured. As a result, a simple table query using dmsetup can cause a crash. The vulnerability may not be present on all systems, potentially due to compiler optimizations. However, it consistently crashes on 32-bit machines with a divide error, as indicated by the Oops message.
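The guard described above, as an added userspace C sketch (not kernel code and not part of the original advisory). The struct, the `free_sectors_threshold` field, the function names and the percentage formula are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; struct and field names are assumptions, not kernel code. */
struct integrity_model {
    uint64_t journal_sectors;        /* 0 in Inline mode: no journal */
    uint64_t free_sectors_threshold; /* assumed watermark threshold */
};

/* Unguarded form: divides by journal_sectors unconditionally (faults on 0). */
unsigned watermark_unguarded(const struct integrity_model *m)
{
    uint64_t used = (m->journal_sectors - m->free_sectors_threshold) * 100;
    return (unsigned)((used + m->journal_sectors / 2) / m->journal_sectors);
}

/* Guarded form: computes the rounded percentage only when a journal exists.
 * Returns 0 and writes *pct, or -1 when the watermark is undefined. */
int watermark_guarded(const struct integrity_model *m, unsigned *pct)
{
    if (m->journal_sectors == 0 || m->free_sectors_threshold > m->journal_sectors)
        return -1;
    *pct = watermark_unguarded(m); /* divisor is known to be nonzero here */
    return 0;
}

/* Builds status arguments, omitting the watermark when there is no journal. */
int format_status(const struct integrity_model *m, char *buf, size_t len)
{
    unsigned pct;
    int n;
    if (watermark_guarded(m, &pct) == 0)
        n = snprintf(buf, len, "journal_sectors:%llu journal_watermark:%u",
                     (unsigned long long)m->journal_sectors, pct);
    else
        n = snprintf(buf, len, "journal_sectors:%llu",
                     (unsigned long long)m->journal_sectors);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    struct integrity_model inline_mode = { 0, 0 }, journaled = { 1000, 500 };
    char buf[64];
    if (format_status(&inline_mode, buf, sizeof buf) > 0) puts(buf);
    if (format_status(&journaled, buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```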

Impact

Exploitation of this vulnerability causes a divide-by-zero error, leading to a crash of the dmsetup process. This type of error can create instability in the system by causing processes to terminate unexpectedly, which may disrupt services or applications relying on those processes.

Reproduction

The vulnerability can be reproduced by using the dmsetup tool to query a dm-integrity target in Inline mode on a 32-bit Linux machine running a vulnerable kernel version. The dm-integrity module should be configured to use Inline mode, with the journal feature disabled, so that the journal_sectors variable is zero. When the dmsetup table command is executed, the divide-by-zero occurs and the kernel reports an "Oops: divide error" crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.