Linux Kernel libnvdimm Label Handling Division by Zero Vulnerability

A division by zero vulnerability has been identified in the Linux kernel's libnvdimm component, specifically within the label handling functionality. This issue arises when a faulty CXL memory device reports an incorrect zero LSA size in its memory device information. The libnvdimm driver, upon receiving this erroneous data, attempts to process it, leading to a divide error. The vulnerability is triggered by the CXL Command 4000h, which can return a zero LSA size, causing the libnvdimm driver to miscalculate transfer sizes and potentially disrupt normal operations.

Impact

Exploitation of this vulnerability causes a division by zero error, which can lead to a system crash or instability.

Reproduction

The vulnerability can be reproduced by using a faulty CXL memory device that returns a zero LSA size in response to the Identify Memory Device command. This incorrect information is then processed by the libnvdimm driver, where the division by zero occurs during label data initialization.

Remediation

The vulnerability has been addressed in the Linux kernel by adding a check to validate the configuration size parameter, preventing the division by zero error. Users should upgrade to the latest version of the Linux kernel where this fix is applied.