5.5
CVE-2024-27059
- EPSS 0.24%
- Veröffentlicht 01.05.2024 13:15:50
- Zuletzt bearbeitet 12.05.2026 12:16:31
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands. The calculation involves division and modulus operations, which will cause a crash if either of these values is 0. While this never happens with a genuine device, it could happen with a flawed or subversive emulation, as reported by the syzbot fuzzer. Protect against this possibility by refusing to bind to the device if either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID information is 0. This requires isd200_Initialization() to return a negative error code when initialization fails; currently it always returns 0 (even when there is an error).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.12 < 4.19.312
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.274
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.215
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.154
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.84
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.64
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
Linux ≫ Linux Kernel Version6.8 Updaterc4
Linux ≫ Linux Kernel Version6.8 Updaterc5
Linux ≫ Linux Kernel Version6.8 Updaterc6
Debian ≫ Debian Linux Version10.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-369 Divide By Zero
The product divides a value by zero.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49
https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133
https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636
https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964
https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325
https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34
https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f
https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa
https://cert-portal.siemens.com/productcert/html/ssa-265688.html