Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A division by zero vulnerability has been identified in the Linux kernel's hardware random number generator (hwrng) component, specifically within the ks-sa driver. This issue affects several versions of the Linux kernel stable tree. The vulnerability arises from an uninitialized clock pointer, which leads to a zero division when the system attempts to calculate delay values. The problem has been addressed by adding proper clock initialization before the clock is used.
Exploitation of this vulnerability could lead to a system crash or undefined behavior due to the division by zero error.
The vulnerability can be reproduced by loading the ks-sa random number generator driver in a Linux kernel version that is affected by this issue. The driver will attempt to use a clock resource that has not been properly initialized, causing a division by zero error when the driver calculates timing delays. This can be observed by monitoring the system for crashes or errors related to the random number generator.
Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.
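The failure mode described above, as an added user-space model (not the ks-sa driver's code and not the upstream patch): a clock pointer that is never initialized yields a rate of 0, which then becomes the divisor in the delay calculation. All `model_*` names, the 200 MHz rate and the cycle count are hypothetical, and the NULL-clock-returns-0 behaviour is an assumption modelled on the kernel's `clk_get_rate()`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000ULL

/* Hypothetical stand-ins for the kernel clock handle and driver state. */
struct model_clk { unsigned long rate_hz; };
struct model_rng { struct model_clk *clk; uint64_t refill_delay_ns; };

/* Assumption: like the kernel's clk_get_rate(), a NULL clock reports rate 0. */
static unsigned long model_clk_get_rate(const struct model_clk *clk)
{
    return clk ? clk->rate_hz : 0;
}

/* Probe step: with_clk_init == 0 models the affected driver, which never
 * assigns the clock pointer; with_clk_init == 1 models the corrected one. */
static void model_probe(struct model_rng *rng, struct model_clk *hw, int with_clk_init)
{
    rng->clk = with_clk_init ? hw : NULL;
    rng->refill_delay_ns = 0;
}

/* Delay calculation with a defensive check on the divisor. Without the
 * check, rate == 0 would reach the division below. */
static int model_rng_init(struct model_rng *rng, uint64_t cycles)
{
    unsigned long rate = model_clk_get_rate(rng->clk);
    if (rate == 0)
        return -EINVAL;  /* refuse instead of dividing by zero */
    /* Round up so the computed delay is never shorter than required. */
    rng->refill_delay_ns = (cycles * NSEC_PER_SEC + rate - 1) / rate;
    return 0;
}

int main(void)
{
    struct model_clk hw = { .rate_hz = 200000000UL };  /* constructed: 200 MHz */
    struct model_rng rng;
    int rc;
    model_probe(&rng, &hw, 0);
    printf("no clk init:   rc=%d\n", model_rng_init(&rng, 1024));
    model_probe(&rng, &hw, 1);
    rc = model_rng_init(&rng, 1024);
    printf("with clk init: rc=%d delay=%llu ns\n", rc, (unsigned long long)rng.refill_delay_ns);
    return 0;
}
```

The divisor check is defence in depth on top of the fix the advisory describes (initializing the clock before use); it turns a missed initialization into a probe error rather than a crash.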