2024-05-01 14:03:31 +00:00
{
"id" : "CVE-2024-27059" ,
"sourceIdentifier" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"published" : "2024-05-01T13:15:50.493" ,
2025-01-14 15:04:06 +00:00
"lastModified" : "2025-01-14T14:36:42.747" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2024-05-01 14:03:31 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n\nThe isd200 sub-driver in usb-storage uses the HEADS and SECTORS values\nin the ATA ID information to calculate cylinder and head values when\ncreating a CDB for READ or WRITE commands. The calculation involves\ndivision and modulus operations, which will cause a crash if either of\nthese values is 0. While this never happens with a genuine device, it\ncould happen with a flawed or subversive emulation, as reported by the\nsyzbot fuzzer.\n\nProtect against this possibility by refusing to bind to the device if\neither the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID\ninformation is 0. This requires isd200_Initialization() to return a\nnegative error code when initialization fails; currently it always\nreturns 0 (even when there is an error)."
2024-05-05 02:03:23 +00:00
} ,
{
"lang" : "es" ,
"value" : "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: almacenamiento-usb: evita el error de divisi\u00f3n por 0 en isd200_ata_command El subcontrolador isd200 en almacenamiento-usb utiliza los valores HEADS y SECTORES en la informaci\u00f3n de ID de ATA para calcular el cilindro y valores principales al crear un CDB para comandos LEER o ESCRIBIR. El c\u00e1lculo implica operaciones de divisi\u00f3n y m\u00f3dulo, lo que provocar\u00e1 un bloqueo si cualquiera de estos valores es 0. Si bien esto nunca sucede con un dispositivo genuino, podr\u00eda suceder con una emulaci\u00f3n defectuosa o subversiva, seg\u00fan lo informado por syzbot fuzzer. Prot\u00e9jase contra esta posibilidad neg\u00e1ndose a vincularse al dispositivo si el valor ATA_ID_HEADS o ATA_ID_SECTORS en la informaci\u00f3n de ID del dispositivo es 0. Esto requiere que isd200_Initialization() devuelva un c\u00f3digo de error negativo cuando falla la inicializaci\u00f3n; actualmente siempre devuelve 0 (incluso cuando hay un error)."
2024-05-01 14:03:31 +00:00
}
] ,
2025-01-14 15:04:06 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" ,
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-369"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.6.12" ,
"versionEndExcluding" : "4.19.312" ,
"matchCriteriaId" : "0E489D47-7C41-43B5-A426-E0D8822EFB5A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.20" ,
"versionEndExcluding" : "5.4.274" ,
"matchCriteriaId" : "F45A0F3C-C16D-49C4-86D6-D021C3D4B834"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndExcluding" : "5.10.215" ,
"matchCriteriaId" : "9CD5894E-58E9-4B4A-B0F4-3E6BC134B8F5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.154" ,
"matchCriteriaId" : "577E212E-7E95-4A71-9B5C-F1D1A3AFFF46"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "6.1.84" ,
"matchCriteriaId" : "834D9BD5-42A6-4D74-979E-4D6D93F630FD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.2" ,
"versionEndExcluding" : "6.6.64" ,
"matchCriteriaId" : "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.7" ,
"versionEndExcluding" : "6.7.12" ,
"matchCriteriaId" : "6BE9771A-BAFD-4624-95F9-58D536540C53"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9F4EA73-0894-400F-A490-3A397AB7A517"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "056BD938-0A27-4569-B391-30578B309EE3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*" ,
"matchCriteriaId" : "F02056A5-B362-4370-9FF8-6F0BD384D520"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*" ,
"matchCriteriaId" : "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*" ,
"matchCriteriaId" : "A780F817-2A77-4130-A9B7-5C25606314E3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*" ,
"matchCriteriaId" : "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
] ,
2024-05-01 14:03:31 +00:00
"references" : [
{
"url" : "https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-05-01 14:03:31 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa" ,
2025-01-14 15:04:06 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" ,
2025-01-14 15:04:06 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List"
]
2024-05-01 14:03:31 +00:00
}
]
}
