CVE-2024-38619
usb-storage: alauda: Check whether the media is initialized
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Check whether the media is initialized
The member "uzonesize" of struct alauda_info will remain 0
if alauda_init_media() fails, potentially causing divide errors
in alauda_read_data() and alauda_write_lba().
- Add a member "media_initialized" to struct alauda_info.
- Change a condition in alauda_check_media() to ensure the
first initialization.
- Add an error check for the return value of alauda_init_media().
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb-storage: alauda: compruebe si el medio está inicializado. El miembro "uzonesize" de la estructura alauda_info permanecerá 0 si alauda_init_media() falla, lo que podría provocar errores de división en alauda_read_data() y alauda_write_lba(). - Agregue un miembro "media_initialized" a la estructura alauda_info. - Cambiar una condición en alauda_check_media() para asegurar la primera inicialización. - Agregue una verificación de errores para el valor de retorno de alauda_init_media().
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-20 CVE Published
- 2024-07-05 EPSS Updated
- 2024-11-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-457: Use of Uninitialized Variable
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-38619 | 2024-09-24 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2293273 | 2024-09-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 4.19.317 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 4.19.317" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.4.279" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.10.221" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.15.162" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 6.1.95 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.1.95" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 6.6.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.6.35" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 6.9.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.9.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.16 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.10" | en |
Affected
| ||||||