SB2024060897 - Division by zero in Linux kernel usb storage driver
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024060897
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Division by zero (CVE-ID: CVE-2024-27059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34
- https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f
- https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133
- https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964
- https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa
- https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325
- https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636
- https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8