Linux Kernel Divide-By-Zero Vulnerability in act_skbedit Scheduler Component

Vulnerability

A divide-by-zero vulnerability has been identified in the Linux kernel's scheduling component, specifically within the act_skbedit feature. This issue arises when the range for selecting transmission queues is improperly calculated, allowing the range size to exceed the maximum value representable by a 16-bit unsigned integer. As a result, the calculation wraps around to zero, leading to a division by zero error. The vulnerability is present in Linux kernel versions 6.12 and later.

Impact

Exploitation of this vulnerability causes a crash by triggering a divide-by-zero error, which can lead to a denial of service.

Reproduction

The vulnerability can be reproduced by configuring the act_skbedit feature to select transmission queues using the SKBEDIT_F_TXQ_SKBHASH option. When the queue_mapping range includes all possible queue IDs, the calculated range size can exceed the maximum value for a u16, causing the vulnerability to manifest.

Remediation

The vulnerability has been addressed by modifying the queue mapping range calculation to use a wider data type, preventing it from wrapping around to zero. Users should update to the latest version of the Linux kernel where this fix has been applied.
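A userspace model of the arithmetic described under Vulnerability and Remediation, added here as an illustration and not taken from the kernel source or from the fix. All function and parameter names are hypothetical, and the model assumes qmin <= qmax.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only; all names are hypothetical, not kernel identifiers. */

/* Before the fix: the range size is stored in 16 bits. */
static uint16_t range_size_u16(uint16_t qmin, uint16_t qmax)
{
    /* For 0..65535 the true size is 65536, which truncates to 0. */
    return (uint16_t)(qmax - qmin + 1);
}

/* After the fix: the same calculation in a wider type. */
static uint32_t range_size_u32(uint16_t qmin, uint16_t qmax)
{
    return (uint32_t)qmax - qmin + 1;   /* 1..65536 when qmin <= qmax */
}

/* Hash-based queue pick with the narrow size. Returns -1 where the
 * modulo would divide by zero (the model refuses instead of trapping). */
static int pick_queue_u16(uint16_t qmin, uint16_t qmax, uint32_t hash,
                          uint16_t *out)
{
    uint16_t size = range_size_u16(qmin, qmax);

    if (size == 0)
        return -1;
    *out = (uint16_t)(qmin + hash % size);
    return 0;
}

/* Hash-based queue pick with the wide size; result stays in qmin..qmax. */
static uint16_t pick_queue_u32(uint16_t qmin, uint16_t qmax, uint32_t hash)
{
    return (uint16_t)(qmin + hash % range_size_u32(qmin, qmax));
}

int main(void)
{
    uint16_t q = 0;
    uint32_t hash = 0x12345678u;   /* constructed sample hash */

    printf("u16 size of 0..65535: %u\n", (unsigned)range_size_u16(0, 65535));
    printf("u32 size of 0..65535: %u\n", (unsigned)range_size_u32(0, 65535));
    printf("u16 pick: %s\n",
           pick_queue_u16(0, 65535, hash, &q) ? "refused (size 0)" : "ok");
    printf("u32 pick: %u\n", (unsigned)pick_queue_u32(0, 65535, hash));
    return 0;
}
```

The same truncation check applies to any range size derived from two 16-bit bounds: the inclusive count of a full 0..65535 range does not fit in the type that holds the bounds.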

Added: May 6, 2026, 1:12 PM
Updated: May 6, 2026, 1:12 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.