CVE-2024-50205

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

The step variable is initialized to zero. It is changed in the loop,
but if it's not changed it will remain zero. Add a variable check
before the division.

The observed behavior was introduced by commit 826b5de90c0b
("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"),
and it is difficult to show that any of the interval parameters will
satisfy the snd_interval_test() condition with data from the
amdtp_rate_table[] table.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-08 CVE Published
2024-11-14 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/826b5de90c0bca4e9de6231da9e1730480621588	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d575414361630b8b0523912532fcd7c79e43468c	2024-11-08
https://git.kernel.org/stable/c/5e431f85c87bbffd93a9830d5a576586f9855291	2024-11-08
https://git.kernel.org/stable/c/7d4eb9e22131ec154e638cbd56629195c9bcbe9a	2024-11-01
https://git.kernel.org/stable/c/d2826873db70a6719cdd9212a6739f3e6234cfc4	2024-11-01
https://git.kernel.org/stable/c/4bdc21506f12b2d432b1f2667e5ff4c75eee58e3	2024-11-01
https://git.kernel.org/stable/c/3452d39c4704aa12504e4190298c721fb01083c3	2024-11-01
https://git.kernel.org/stable/c/72cafe63b35d06b5cfbaf807e90ae657907858da	2024-10-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.10.229 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.10.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.15.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.15.170"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.1.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.12"		en		Affected