ID

VAR-202408-2717


CVE

CVE-2024-43893


TITLE

Linux  of  Linux Kernel  Division by zero vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-007776

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Rule: add. Linux of Linux Kernel Is vulnerable to division by zero.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.7

sources: NVD: CVE-2024-43893 // JVNDB: JVNDB-2024-007776 // CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.11

Trust: 1.8

vendor:linuxmodel:kernelscope:ltversion:5.4.282

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.10.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.320

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.165

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.105

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.46

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.224

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.224

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.20 that's all 5.4.282

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.46

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.105

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.10.5

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.165

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.19.320

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007776 // NVD: CVE-2024-43893

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-43893
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-43893
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19346
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19346
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-43893
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-43893
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007776 // NVD: CVE-2024-43893

PROBLEMTYPE DATA

problemtype:CWE-369

Trust: 1.0

problemtype:Division by zero (CWE-369) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007776 // NVD: CVE-2024-43893

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba

Trust: 0.8

title:Patch for Multiple vulnerabilities in Siemens SINEC OS third-party componentsurl:https://www.cnvd.org.cn/patchInfo/show/723071

Trust: 0.6

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007776

EXTERNAL IDS

db:NVDid:CVE-2024-43893

Trust: 2.6

db:SIEMENSid:SSA-613116

Trust: 1.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNid:JVNVU92169998

Trust: 0.8

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-007776

Trust: 0.8

db:CNVDid:CNVD-2025-19346

Trust: 0.6

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007776 // NVD: CVE-2024-43893

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193

Trust: 1.0

url:https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f

Trust: 1.0

url:https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8

Trust: 1.0

url:https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e

Trust: 1.0

url:https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2

Trust: 1.0

url:https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-43893

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007776 // NVD: CVE-2024-43893

SOURCES

db:CNVDid:CNVD-2025-19346
db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-007776
db:NVDid:CVE-2024-43893

LAST UPDATE DATE

2026-06-19T21:17:47.407000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-22T00:00:00
db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-007776date:2025-09-02T02:37:00
db:NVDid:CVE-2024-43893date:2026-05-12T12:17:08.743

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-12T00:00:00
db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-007776date:2024-09-11T00:00:00
db:NVDid:CVE-2024-43893date:2024-08-26T11:15:04.213