CVE-2024-47664: Vulnerability in Linux Linux

Medium
Published: Wed Oct 09 2024 (10/09/2024, 14:13:57 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware

If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware. Firmware is generally considered as a trusted domain. However, as division by zero errors can cause system failure, for defense measure, the value of max_speed is validated here. So 0 is regarded as invalid and an error code is returned.

AI-Powered Analysis

Last updated: 06/28/2025, 19:12:04 UTC

Technical Analysis

CVE-2024-47664 is a vulnerability identified in the Linux kernel specifically related to the SPI (Serial Peripheral Interface) driver for the HiSilicon Kunpeng platform. The issue arises from the handling of the max_speed_hz parameter, which is provided by the system firmware and represents the maximum SPI clock frequency. If this value is set to zero, it leads to a division by zero error in the function hisi_calc_effective_speed(). Since firmware is generally trusted, this value was previously not validated, allowing a zero value to cause a runtime error. This division by zero can cause the affected system to crash or become unstable, resulting in a denial of service (DoS) condition. The vulnerability was addressed by adding validation logic to reject zero values for max_speed_hz, returning an error code instead of proceeding with the calculation. This fix prevents the division by zero and improves the robustness of the SPI driver against malformed or malicious firmware inputs. The vulnerability affects specific Linux kernel versions containing the vulnerable commit (c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c) and was published on October 9, 2024. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
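
The probe-time check described above, as an added example (not the kernel's driver code and not part of this advisory): a stand-alone C model in which `model_ctrl`, `model_probe()` and `model_effective_speed()` are hypothetical names. The divisor arithmetic is an assumed illustration of how a zero maximum reaches a division; only the "0 is invalid, return an error code" rule comes from the description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the controller state; not the kernel's struct. */
struct model_ctrl {
    uint32_t max_speed_hz;   /* supplied by firmware */
};

/* Probe-time check from the description: 0 is invalid, return an error code. */
int model_probe(struct model_ctrl *c, uint32_t fw_max_speed_hz)
{
    if (fw_max_speed_hz == 0)
        return -EINVAL;
    c->max_speed_hz = fw_max_speed_hz;
    return 0;
}

/*
 * Assumed arithmetic (constructed for illustration): cap the request at the
 * controller maximum, derive a clock divisor, return the resulting speed.
 * If max_speed_hz were 0, the capped speed would be 0 and the first division
 * would trap, so the value has to be rejected before this function can run.
 */
uint32_t model_effective_speed(const struct model_ctrl *c, uint32_t req_hz)
{
    uint32_t max = c->max_speed_hz;
    uint32_t speed = (req_hz == 0 || req_hz > max) ? max : req_hz;
    /* 64-bit round-up so max + speed - 1 cannot wrap and yield a 0 divisor. */
    uint32_t div = (uint32_t)(((uint64_t)max + speed - 1) / speed);
    return max / div;
}

int main(void)
{
    struct model_ctrl c = {0};
    /* Constructed firmware values: 0 (invalid) and 100 MHz (valid). */
    printf("probe(0) -> %d\n", model_probe(&c, 0));
    if (model_probe(&c, 100000000u) == 0)
        printf("30 MHz request -> %u Hz\n",
               (unsigned)model_effective_speed(&c, 30000000u));
    return 0;
}
```
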

Potential Impact

For European organizations, this vulnerability primarily poses a risk of system instability or denial of service on Linux systems running on HiSilicon Kunpeng hardware or similar platforms using the affected SPI driver. Such systems are often found in data centers, telecommunications infrastructure, and enterprise servers. A successful exploitation could disrupt critical services by causing kernel crashes or reboots, impacting availability. Although the vulnerability does not directly expose confidentiality or integrity risks, the resulting downtime could affect business operations, especially in sectors relying on high availability such as finance, healthcare, and public services. Since the vulnerability depends on firmware-provided values, exploitation would require either compromised firmware or an attacker capable of influencing firmware parameters, which is a higher bar than typical remote exploits. However, organizations using Kunpeng-based Linux servers should be aware of the risk and apply patches promptly to prevent potential denial of service scenarios.

Mitigation Recommendations

1. Apply the latest Linux kernel updates that include the patch validating max_speed_hz to reject zero values, thereby preventing the division by zero error.
2. Verify and update firmware on affected hardware to ensure it does not provide invalid max_speed_hz values.
3. Implement monitoring for kernel crashes or unusual SPI driver errors that could indicate attempts to exploit this vulnerability.
4. Restrict firmware update processes to trusted personnel and secure supply chains to prevent malicious firmware modifications.
5. For critical systems, consider implementing kernel live patching solutions to minimize downtime during patch deployment.
6. Conduct regular security audits and vulnerability scans focusing on kernel and firmware integrity on Kunpeng-based Linux systems.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-30T16:00:12.936Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe0441

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 7:12:04 PM

Last updated: 8/17/2025, 12:37:48 PM
