Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A division-by-zero vulnerability has been identified in the Linux kernel's OCC power reporting within the hwmon subsystem. The issue is in the 'occ_show_power_1()' function, where the accumulator is divided by the update tag without first checking whether the update tag is zero. During early boot, before any sensor data has been updated, the update tag is still zero and the division crashes the kernel. A 2019 fix addressed the same pattern in the other power reporting functions, but this case was overlooked. The vulnerability affects the Linux kernel stable tree.
Exploitation of this vulnerability causes a kernel crash due to a divide-by-zero error, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced by booting a system with the affected Linux kernel version and accessing the OCC power reporting feature through the hwmon subsystem before any sensor data has been collected. This can be done early in the boot process when the sensor block is included but not yet updated, causing the update tag to be zero and triggering the divide-by-zero error.
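As an added illustration, not the kernel's own code: a C model of the pattern described above, showing the unchecked division beside a guarded version. The struct, function names and sample values are hypothetical; the constructed early-boot block is the update-tag-is-zero case.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model (not the kernel's struct) of the two fields the advisory
 * names: the running accumulator and the update tag, the count of samples
 * folded into it so far. The tag stays 0 until the first update lands. */
struct occ_power_model {
    uint64_t accumulator;
    uint32_t update_tag;
};
/* Vulnerable pattern: divide with no divisor check. With update_tag == 0
 * (early boot) this is an integer divide-by-zero; in the kernel that oopses. */
uint64_t power_avg_unchecked(const struct occ_power_model *p)
{
    return p->accumulator / p->update_tag;
}

/* Hardened form: reject an unpopulated block before dividing. Returns -1 and
 * leaves *avg untouched, so the caller reports "no data" instead of crashing. */
int power_avg_checked(const struct occ_power_model *p, uint64_t *avg)
{
    if (p->update_tag == 0)
        return -1;
    *avg = p->accumulator / p->update_tag;
    return 0;
}

/* Constructed sample: a block as it looks before any sensor update. */
int early_boot_block_is_rejected(void)
{
    struct occ_power_model early = { .accumulator = 0, .update_tag = 0 };
    uint64_t avg = 0;
    return power_avg_checked(&early, &avg) == -1;
}

/* Constructed sample: a block after four updates totalling 1200 units. */
uint64_t populated_block_avg(void)
{
    struct occ_power_model later = { .accumulator = 1200, .update_tag = 4 };
    uint64_t avg = 0;
    return power_avg_checked(&later, &avg) == 0 ? avg : 0;
}

int main(void)
{
    /* power_avg_unchecked() on the early block is deliberately never called. */
    printf("early boot rejected: %d\n", early_boot_block_is_rejected());
    printf("populated avg: %llu\n", (unsigned long long)populated_block_avg());
    return 0;
}
```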
Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.