PT-2023-2676 · Linux+6 · Linux Kernel+6

Yu Hao · Published 2023-04-24 · Updated 2026-03-13 · CVE-2023-31085

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel version 6.2

Description
An issue in the Linux kernel is related to a divide-by-zero error in do_div(sz, mtd->erasesize), which is used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. This error is located in the drivers/mtd/ubi/cdev.c file. The issue may allow an attacker to cause a denial of service or potentially have other impacts.

Recommendations
For Linux kernel version 6.2, consider applying a patch to fix the divide-by-zero error in do_div(sz, mtd->erasesize). As a temporary workaround, restrict access to the ctrl_cdev_ioctl function to minimize the risk of exploitation. Until the issue is resolved, avoid letting mtd->erasesize reach the affected code with a value of 0.
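
A defensive check for the condition described above, added here as an example (it is not part of the original advisory or of the kernel source): a shell helper that lists MTD devices whose sysfs erasesize attribute reads 0. It assumes the standard /sys/class/mtd/mtdN/erasesize sysfs layout; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# list_zero_erasesize_mtd [ROOT]
#   Prints the name of every MTD device under ROOT (default: /sys/class/mtd)
#   whose erasesize attribute is 0, the value that reaches the division
#   described in the advisory. Returns 1 if any such device is found, else 0.
list_zero_erasesize_mtd() {
    root="${1:-/sys/class/mtd}"
    found=0
    for dev in "$root"/mtd*; do
        # Skip read-only alias nodes (mtd0ro etc.); they name the same device.
        case "${dev##*/}" in *ro) continue ;; esac
        # Also skips the unexpanded glob when no MTD devices exist.
        [ -r "$dev/erasesize" ] || continue
        size=$(cat "$dev/erasesize" 2>/dev/null) || continue
        # Ignore anything that is not a plain decimal number.
        case "$size" in ''|*[!0-9]*) continue ;; esac
        if [ "$size" -eq 0 ]; then
            echo "${dev##*/}"
            found=1
        fi
    done
    return "$found"
}

# Runs the check against a constructed directory tree that mimics sysfs:
# mtd0 has a normal erase size, mtd1 reports 0, mtd1ro is an alias node.
demo_constructed_tree() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/mtd0" "$tmp/mtd1" "$tmp/mtd1ro"
    echo 131072 > "$tmp/mtd0/erasesize"
    echo 0 > "$tmp/mtd1/erasesize"
    rc=0
    list_zero_erasesize_mtd "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

On a real host, call list_zero_erasesize_mtd with no argument; a non-empty result identifies devices to keep away from UBI attach on an unpatched kernel.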

Exploit

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2023-02516
CVE-2023-31085
ECHO-80B8-B9E3-E460
OESA-2023-1779
OESA-2023-1780
OESA-2023-1781
OESA-2023-1782
OESA-2023-1783
OPENSUSE-SU-2023_4343-1
OPENSUSE-SU-2023_4345-1
OPENSUSE-SU-2023_4347-1
OPENSUSE-SU-2023_4348-1
OPENSUSE-SU-2023_4351-1
OPENSUSE-SU-2023_4375-1
OPENSUSE-SU-2023_4378-1
OPENSUSE-SU-2023_4414-1
ROSA-SA-2023-2189
SUSE-SU-2023:4343-1
SUSE-SU-2023:4345-1
SUSE-SU-2023:4346-1
SUSE-SU-2023:4347-1
SUSE-SU-2023:4348-1
SUSE-SU-2023:4349-1
SUSE-SU-2023:4351-1
SUSE-SU-2023:4359-1
SUSE-SU-2023:4375-1
SUSE-SU-2023:4377-1
SUSE-SU-2023:4378-1
SUSE-SU-2023:4414-1
SUSE-SU-2023_4359-1
SUSE-SU-2024:0112-1
USN-6461-1
USN-6494-1
USN-6494-2
USN-6495-1
USN-6495-2
USN-6496-1
USN-6496-2
USN-6502-1
USN-6502-2
USN-6502-3
USN-6502-4
USN-6503-1
USN-6516-1
USN-6520-1
USN-6532-1
USN-6537-1
USN-6572-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu