CVE-2024-47664: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47664 affects the Linux kernel's SPI subsystem, specifically the HiSilicon Kunpeng SPI driver. The vulnerability was discovered when it was found that if the max_speed_hz value provided by firmware is 0, it could cause a division by zero error in the hisi_calc_effective_speed() function. The issue affects Linux kernel versions up to (excluding) 6.6.51 and versions from 6.7 up to (excluding) 6.10.10 (NVD).

The vulnerability exists in the HiSilicon Kunpeng SPI driver where the max_speed_hz parameter, which is provided by firmware, is not properly validated. While firmware is generally considered a trusted domain, a value of 0 for max_speed_hz can trigger a division by zero error in the hisi_calc_effective_speed() function. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

If exploited, this vulnerability could cause a system failure through a division by zero error. The impact is limited to denial of service, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been patched by adding validation for the max_speed_hz value. The fix includes a check that returns an error code if the value is 0. The patch has been implemented in various Linux distributions, including Ubuntu 24.04 LTS and 22.04 LTS with kernel version 6.8.0-50.51 (Kernel Patch).