#VU91374 Division by zero in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91374

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27059

CWE-ID: CWE-369

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can trigger the error and cause a denial of service (DoS).
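An added illustration of the CWE-369 pattern and its usual fix, not code from the kernel or from this advisory. The advisory does not say which value becomes the divisor, so the example assumes device-reported drive geometry (heads, sectors per track) feeding an LBA-to-CHS conversion; all struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: geometry a storage device reports about itself. */
struct drive_geometry {
    uint16_t heads;             /* heads per cylinder (device-supplied) */
    uint16_t sectors_per_track; /* sectors per track (device-supplied) */
};

struct chs {
    uint32_t cylinder;
    uint16_t head;
    uint16_t sector;            /* 1-based, as in CHS addressing */
};

/* Init-time check: refuse a device whose reported geometry would later
 * be used as a zero divisor. Returns 0 if usable, -EINVAL otherwise. */
int geometry_validate(const struct drive_geometry *g)
{
    if (g == NULL || g->heads == 0 || g->sectors_per_track == 0)
        return -EINVAL;
    return 0;
}

/* LBA -> CHS conversion. Both '/' and '%' trap on a zero divisor, so the
 * guard is repeated here in case a caller skipped geometry_validate(). */
int lba_to_chs(const struct drive_geometry *g, uint32_t lba, struct chs *out)
{
    if (out == NULL || geometry_validate(g) != 0)
        return -EINVAL;
    uint32_t track = lba / g->sectors_per_track;
    out->sector   = (uint16_t)(lba % g->sectors_per_track + 1);
    out->head     = (uint16_t)(track % g->heads);
    out->cylinder = track / g->heads;
    return 0;
}

int main(void)
{
    struct drive_geometry good = { 16, 63 };  /* constructed sample */
    struct drive_geometry bad  = { 0, 63 };   /* constructed: zero heads */
    struct chs c;
    if (lba_to_chs(&good, 1000000, &c) == 0)
        printf("C/H/S = %u/%u/%u\n", (unsigned)c.cylinder, (unsigned)c.head, (unsigned)c.sector);
    printf("zero-head device rejected: %s\n", lba_to_chs(&bad, 1000000, &c) == -EINVAL ? "yes" : "no");
    return 0;
}
```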

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34
http://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f
http://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133
http://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964
http://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa
http://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325
http://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636
http://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

