#VU102216 Division by zero in Linux kernel - CVE-2024-56567

Vulnerability identifier: #VU102216

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56567

CWE-ID: CWE-369

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/022e13518ba6cc1b4fdd291f49e4f57b2d5718e0
https://git.kernel.org/stable/c/18fb33df1de83a014d7f784089f9b124facc157f
https://git.kernel.org/stable/c/68e79b848196a0b0ec006009cc69da1f835d1ae8
https://git.kernel.org/stable/c/7e3a8ea3d1ada7f707de5d9d504774b4191eab66
https://git.kernel.org/stable/c/afc1e3c00b3f5f0b4f1bc3e974fb9803cb938a90
https://git.kernel.org/stable/c/c174b53e95adf2eece2afc56cd9798374919f99a
https://git.kernel.org/stable/c/f25a9f1df1f6738acf1fa05595fb6060a2c08ff1

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.