Alma Linux: CVE-2024-27059: Moderate: kernel update (Multiple Advisories)

Alma Linux: CVE-2024-27059: Moderate: kernel update (Multiple Advisories)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

05/01/2024

Created

06/07/2024

Added

06/06/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands.The calculation involves division and modulus operations, which will cause a crash if either of these values is 0.While this never happens with a genuine device, it could happen with a flawed or subversive emulation, as reported by the syzbot fuzzer. Protect against this possibility by refusing to bind to the device if either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID information is 0.This requires isd200_Initialization() to return a negative error code when initialization fails; currently it always returns 0 (even when there is an error).

Solution(s)

• alma-upgrade-bpftool
• alma-upgrade-kernel
• alma-upgrade-kernel-abi-stablelists
• alma-upgrade-kernel-core
• alma-upgrade-kernel-cross-headers
• alma-upgrade-kernel-debug
• alma-upgrade-kernel-debug-core
• alma-upgrade-kernel-debug-devel
• alma-upgrade-kernel-debug-modules
• alma-upgrade-kernel-debug-modules-extra
• alma-upgrade-kernel-devel
• alma-upgrade-kernel-doc
• alma-upgrade-kernel-headers
• alma-upgrade-kernel-modules
• alma-upgrade-kernel-modules-extra
• alma-upgrade-kernel-rt
• alma-upgrade-kernel-rt-core
• alma-upgrade-kernel-rt-debug
• alma-upgrade-kernel-rt-debug-core
• alma-upgrade-kernel-rt-debug-devel
• alma-upgrade-kernel-rt-debug-kvm
• alma-upgrade-kernel-rt-debug-modules
• alma-upgrade-kernel-rt-debug-modules-extra
• alma-upgrade-kernel-rt-devel
• alma-upgrade-kernel-rt-kvm
• alma-upgrade-kernel-rt-modules
• alma-upgrade-kernel-rt-modules-extra
• alma-upgrade-kernel-tools
• alma-upgrade-kernel-tools-libs
• alma-upgrade-kernel-tools-libs-devel
• alma-upgrade-kernel-zfcpdump
• alma-upgrade-kernel-zfcpdump-core
• alma-upgrade-kernel-zfcpdump-devel
• alma-upgrade-kernel-zfcpdump-modules
• alma-upgrade-kernel-zfcpdump-modules-extra
• alma-upgrade-perf
• alma-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-27059
• CVE - 2024-27059
• https://errata.almalinux.org/8/ALSA-2024-3618.html
• https://errata.almalinux.org/8/ALSA-2024-3627.html