CVE-2024-27059

USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command

The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values
in the ATA ID information to calculate cylinder and head values when
creating a CDB for READ or WRITE commands. The calculation involves
division and modulus operations, which will cause a crash if either of
these values is 0. While this never happens with a genuine device, it
could happen with a flawed or subversive emulation, as reported by the
syzbot fuzzer.

Protect against this possibility by refusing to bind to the device if
either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID
information is 0. This requires isd200_Initialization() to return a
negative error code when initialization fails; currently it always
returns 0 (even when there is an error).

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: almacenamiento-usb: evita el error de división por 0 en isd200_ata_command El subcontrolador isd200 en almacenamiento-usb utiliza los valores HEADS y SECTORES en la información de ID de ATA para calcular el cilindro y valores principales al crear un CDB para comandos LEER o ESCRIBIR. El cálculo implica operaciones de división y módulo, lo que provocará un bloqueo si cualquiera de estos valores es 0. Si bien esto nunca sucede con un dispositivo genuino, podría suceder con una emulación defectuosa o subversiva, según lo informado por syzbot fuzzer. Protéjase contra esta posibilidad negándose a vincularse al dispositivo si el valor ATA_ID_HEADS o ATA_ID_SECTORS en la información de ID del dispositivo es 0. Esto requiere que isd200_Initialization() devuelva un código de error negativo cuando falla la inicialización; actualmente siempre devuelve 0 (incluso cuando hay un error).

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-05-02 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34	2024-04-13
https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f	2024-04-13
https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133	2024-04-13
https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964	2024-04-10
https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa	2024-04-03
https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325	2024-04-03
https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636	2024-04-03
https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49	2024-03-02

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-27059	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2278398	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 4.19.312"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 5.15.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 5.15.154"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.1.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.6.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.7.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.8"		en		Affected