LiveActive security incident?Get immediate response
CVE Record

CVE-2024-43889: padata: Fix possible divide-by-0 panic in padata_mt_helper()

In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: events_unbound padata_mt_helper [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] <TASK> [ 10.018004] ? padata_mt_helper+0x39/0xb0 [ 10.018084] process_one_work+0x174/0x330 [ 10.018093] worker_thread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] ret_from_fork+0x31/0x50 [ 10.018138] ret_from_fork_asm+0x1a/0x30 [ 10.018147] </TASK> Looking at the padata_mt_helper() function, the only way a divide-by-0 panic can happen is when ps->chunk_size is 0. The way that chunk_size is initialized in padata_do_multithreaded(), chunk_size can be 0 when the min_chunk in the passed-in padata_mt_job structure is 0. Fix this divide-by-0 panic by making sure that chunk_size will be at least 1 no matter what the input parameters are.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-43889 is a Linux kernel reliability bug that can crash the system with a divide-by-zero panic in padata multithreaded work during boot. The public record describes a hard-to-reproduce boot-time panic, not data theft or remote code execution.

Executive priority

Treat this as an availability-risk kernel update, not an emergency exploitation event based on current evidence. Prioritize normal kernel patch cycles, with higher urgency for systems where unexpected boot failure would affect operations or recovery objectives.

Technical view

The flaw is in padata_mt_helper(). If padata_do_multithreaded() receives a padata_mt_job with min_chunk set to 0, ps->chunk_size can become 0, causing a divide-by-zero panic. Kernel stable commits ensure chunk_size is at least 1.

Likely exposure

Exposure is mainly Linux systems running affected kernel versions or vendor products incorporating those kernels. The bundle also cites Debian LTS and Siemens advisories, so appliance and embedded Linux deployments should be checked through vendor guidance.

Exploitation context

The source bundle does not identify active exploitation, public weaponization, or KEV listing. The described failure was observed as a difficult-to-reproduce boot-time kernel panic, suggesting availability impact when the vulnerable code path is reached.

Researcher notes

Evidence is limited to the CVE record, Linux stable fixes, and vendor advisories. No CVSS, CWE, exploit status, or detailed affected product matrix is provided in the bundle beyond Linux kernel version information and cited vendor notices.

Mitigation direction

  • Apply kernel or distribution updates containing the referenced stable fixes.
  • Check Debian LTS advisories for package-specific fixed versions.
  • For Siemens products, follow the cited Siemens ProductCERT advisories.
  • If no vendor patch is available, request vendor guidance before relying on workarounds.
  • Plan reboot validation because the reported panic occurred during boot.

Validation and detection

  • Inventory Linux kernel versions across servers, appliances, and images.
  • Confirm installed kernels include the referenced stable commit or vendor backport.
  • Review boot logs for padata_mt_helper divide errors or kernel panics.
  • Check Debian and Siemens advisory applicability for managed products.
  • Verify updated systems boot cleanly after kernel deployment.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-43889 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
12Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux004ed42638f4428e70ead59d170f3d17ff761a0f, 004ed42638f4428e70ead59d170f3d17ff761a0f, 004ed42638f4428e70ead59d170f3d17ff761a0f, 004ed42638f4428e70ead59d170f3d17ff761a0f, 004ed42638f4428e70ead59d170f3d17ff761a0f, 004ed42638f4428e70ead59d170f3d17ff761a0funaffected
LinuxLinux5.8, 0, 5.10.224, 5.15.165, 6.1.105, 6.6.46, 6.10.5, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.