CVE-2024-49888: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49888 addresses a signed division overflow vulnerability in the Linux kernel's BPF subsystem. The issue was discovered by Zac Ecob and reported when a BPF program could cause a kernel crash due to a divide error. The vulnerability affects Linux kernel versions up to (excluding) 6.10.14 and versions from 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability occurs during signed division operations where LLONGMIN/-1 causes an overflow. For 64-bit systems, LLONGMIN equals -9,223,372,036,854,775,808, and when divided by -1, should yield 9,223,372,036,854,775,808. However, this result exceeds the maximum positive number (9,223,372,036,854,775,807) possible in a 64-bit system. On x8664 platforms, this causes a kernel exception, while on arm64, LLONGMIN/-1 results in LLONGMIN. The vulnerability affects multiple operation types including LLONGMIN/-1 for 64bit operations, INT_MIN/-1 for 32bit operations, and their modulo counterparts (Kernel Patch).

When exploited, this vulnerability can cause a kernel crash with the error 'Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI'. This affects system stability and could potentially lead to denial of service conditions (NVD).

The vulnerability has been patched in the Linux kernel through instruction patching that handles sdiv/smod exceptions for both divisor -1 and divisor 0 cases. The patch aligns the behavior with arm64 results across all platforms. Updates are available in kernel version 6.10.14 and 6.11.3 (Kernel Patch).