CVE-2024-35925

block: prevent division by zero in blk_rq_stat_sum()

Description

In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7 patch
https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14 patch
https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c patch
https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8 patch
https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854 patch
https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe patch
https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68 patch
https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-35925?
CVE-2024-35925 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35925?
To fix CVE-2024-35925, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35925 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35925 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35925?
CVE-2024-35925 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.