Ubuntu: (Multiple Advisories) (CVE-2024-27059): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-27059): Linux kernel vulnerabilities

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

05/01/2024

Created

07/15/2024

Added

07/15/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands.The calculation involves division and modulus operations, which will cause a crash if either of these values is 0.While this never happens with a genuine device, it could happen with a flawed or subversive emulation, as reported by the syzbot fuzzer. Protect against this possibility by refusing to bind to the device if either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID information is 0.This requires isd200_Initialization() to return a negative error code when initialization fails; currently it always returns 0 (even when there is an error).

Solution(s)

• ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp
• ubuntu-upgrade-linux-image-5-15-0-1048-gkeop
• ubuntu-upgrade-linux-image-5-15-0-1058-ibm
• ubuntu-upgrade-linux-image-5-15-0-1058-raspi
• ubuntu-upgrade-linux-image-5-15-0-1060-intel-iotg
• ubuntu-upgrade-linux-image-5-15-0-1060-nvidia
• ubuntu-upgrade-linux-image-5-15-0-1060-nvidia-lowlatency
• ubuntu-upgrade-linux-image-5-15-0-1062-gke
• ubuntu-upgrade-linux-image-5-15-0-1062-kvm
• ubuntu-upgrade-linux-image-5-15-0-1063-oracle
• ubuntu-upgrade-linux-image-5-15-0-1064-gcp
• ubuntu-upgrade-linux-image-5-15-0-1065-aws
• ubuntu-upgrade-linux-image-5-15-0-1065-gcp
• ubuntu-upgrade-linux-image-5-15-0-1068-azure
• ubuntu-upgrade-linux-image-5-15-0-1068-azure-fde
• ubuntu-upgrade-linux-image-5-15-0-116-generic
• ubuntu-upgrade-linux-image-5-15-0-116-generic-64k
• ubuntu-upgrade-linux-image-5-15-0-116-generic-lpae
• ubuntu-upgrade-linux-image-5-15-0-116-lowlatency
• ubuntu-upgrade-linux-image-5-15-0-116-lowlatency-64k
• ubuntu-upgrade-linux-image-5-4-0-1040-iot
• ubuntu-upgrade-linux-image-5-4-0-1047-xilinx-zynqmp
• ubuntu-upgrade-linux-image-5-4-0-1075-ibm
• ubuntu-upgrade-linux-image-5-4-0-1088-bluefield
• ubuntu-upgrade-linux-image-5-4-0-1095-gkeop
• ubuntu-upgrade-linux-image-5-4-0-1112-raspi
• ubuntu-upgrade-linux-image-5-4-0-1116-kvm
• ubuntu-upgrade-linux-image-5-4-0-1127-oracle
• ubuntu-upgrade-linux-image-5-4-0-1128-aws
• ubuntu-upgrade-linux-image-5-4-0-1132-gcp
• ubuntu-upgrade-linux-image-5-4-0-1133-azure
• ubuntu-upgrade-linux-image-5-4-0-189-generic
• ubuntu-upgrade-linux-image-5-4-0-189-generic-lpae
• ubuntu-upgrade-linux-image-5-4-0-189-lowlatency
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-aws-lts-20-04
• ubuntu-upgrade-linux-image-aws-lts-22-04
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-cvm
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-azure-fde-lts-22-04
• ubuntu-upgrade-linux-image-azure-lts-20-04
• ubuntu-upgrade-linux-image-azure-lts-22-04
• ubuntu-upgrade-linux-image-bluefield
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-gcp-lts-20-04
• ubuntu-upgrade-linux-image-gcp-lts-22-04
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
• ubuntu-upgrade-linux-image-generic-hwe-18-04
• ubuntu-upgrade-linux-image-generic-hwe-20-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-gke-5-15
• ubuntu-upgrade-linux-image-gkeop
• ubuntu-upgrade-linux-image-gkeop-5-15
• ubuntu-upgrade-linux-image-gkeop-5-4
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-lts-20-04
• ubuntu-upgrade-linux-image-intel
• ubuntu-upgrade-linux-image-intel-iotg
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-lowlatency
• ubuntu-upgrade-linux-image-oem
• ubuntu-upgrade-linux-image-oem-20-04
• ubuntu-upgrade-linux-image-oem-20-04b
• ubuntu-upgrade-linux-image-oem-20-04c
• ubuntu-upgrade-linux-image-oem-20-04d
• ubuntu-upgrade-linux-image-oem-osp1
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-lts-20-04
• ubuntu-upgrade-linux-image-oracle-lts-22-04
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-raspi-hwe-18-04
• ubuntu-upgrade-linux-image-raspi-nolpae
• ubuntu-upgrade-linux-image-raspi2
• ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-18-04
• ubuntu-upgrade-linux-image-virtual-hwe-20-04
• ubuntu-upgrade-linux-image-xilinx-zynqmp

References

• https://attackerkb.com/topics/cve-2024-27059
• CVE - 2024-27059
• USN-6896-1
• USN-6896-2
• USN-6896-3
• USN-6896-4
• USN-6896-5
• USN-6898-1
• USN-6898-2
• USN-6898-3
• USN-6898-4
• USN-6917-1
• USN-6919-1
• USN-6927-1
• USN-7019-1

View more