Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-27059 |
CWE-ID | CWE-369 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34
http://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f
http://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133
http://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964
http://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa
http://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325
http://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636
http://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.