{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: block, bfq: Fix division by zero error on zero wsum",
    "id" : "2426210",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426210"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-369",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nblock, bfq: Fix division by zero error on zero wsum\nWhen the weighted sum is zero the calculation of limit causes\na division by zero error. Fix this by continuing to the next level.\nThis was discovered by running as root:\nstress-ng --ioprio 0\nFixes divison by error oops:\n[  521.450556] divide error: 0000 [#1] SMP NOPTI\n[  521.450766] CPU: 2 PID: 2684464 Comm: stress-ng-iopri Not tainted 6.2.1-1280.native #1\n[  521.451117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014\n[  521.451627] RIP: 0010:bfqq_request_over_limit+0x207/0x400\n[  521.451875] Code: 01 48 8d 0c c8 74 0b 48 8b 82 98 00 00 00 48 8d 0c c8 8b 85 34 ff ff ff 48 89 ca 41 0f af 41 50 48 d1 ea 48 98 48 01 d0 31 d2 <48> f7 f1 41 39 41 48 89 85 34 ff ff ff 0f 8c 7b 01 00 00 49 8b 44\n[  521.452699] RSP: 0018:ffffb1af84eb3948 EFLAGS: 00010046\n[  521.452938] RAX: 000000000000003c RBX: 0000000000000000 RCX: 0000000000000000\n[  521.453262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb1af84eb3978\n[  521.453584] RBP: ffffb1af84eb3a30 R08: 0000000000000001 R09: ffff8f88ab8a4ba0\n[  521.453905] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8f88ab8a4b18\n[  521.454224] R13: ffff8f8699093000 R14: 0000000000000001 R15: ffffb1af84eb3970\n[  521.454549] FS:  00005640b6b0b580(0000) GS:ffff8f88b3880000(0000) knlGS:0000000000000000\n[  521.454912] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  521.455170] CR2: 00007ffcbcae4e38 CR3: 00000002e46de001 CR4: 0000000000770ee0\n[  521.455491] PKRU: 55555554\n[  521.455619] Call Trace:\n[  521.455736]  <TASK>\n[  521.455837]  ? bfq_request_merge+0x3a/0xc0\n[  521.456027]  ? elv_merge+0x115/0x140\n[  521.456191]  bfq_limit_depth+0xc8/0x240\n[  521.456366]  __blk_mq_alloc_requests+0x21a/0x2c0\n[  521.456577]  blk_mq_submit_bio+0x23c/0x6c0\n[  521.456766]  __submit_bio+0xb8/0x140\n[  521.457236]  submit_bio_noacct_nocheck+0x212/0x300\n[  521.457748]  submit_bio_noacct+0x1a6/0x580\n[  521.458220]  submit_bio+0x43/0x80\n[  521.458660]  ext4_io_submit+0x23/0x80\n[  521.459116]  ext4_do_writepages+0x40a/0xd00\n[  521.459596]  ext4_writepages+0x65/0x100\n[  521.460050]  do_writepages+0xb7/0x1c0\n[  521.460492]  __filemap_fdatawrite_range+0xa6/0x100\n[  521.460979]  file_write_and_wait_range+0xbf/0x140\n[  521.461452]  ext4_sync_file+0x105/0x340\n[  521.461882]  __x64_sys_fsync+0x67/0x100\n[  521.462305]  ? syscall_exit_to_user_mode+0x2c/0x1c0\n[  521.462768]  do_syscall_64+0x3b/0xc0\n[  521.463165]  entry_SYSCALL_64_after_hwframe+0x5a/0xc4\n[  521.463621] RIP: 0033:0x5640b6c56590\n[  521.464006] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 71 70 0e 00 00 74 17 b8 4a 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c", "A division by zero error was found in the BFQ I/O scheduler. When the weighted sum of I/O priorities becomes zero, the limit calculation divides by zero, causing a kernel crash." ],
  "statement" : "Triggering this requires root privileges to manipulate I/O priorities in specific ways using tools like stress-ng. Standard workloads do not create zero-weighted-sum conditions in the BFQ scheduler.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54242\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54242\nhttps://lore.kernel.org/linux-cve-announce/2025123034-CVE-2023-54242-9771@gregkh/T" ],
  "name" : "CVE-2023-54242",
  "csaw" : false
}