| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122715-CVE-2024-56567-a306@gregkh> Date: Fri, 27 Dec 2024 15:23:18 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56567: ad7780: fix division by zero in ad7780_write_raw() Description =========== In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero. The Linux kernel CVE team has assigned CVE-2024-56567 to this issue. Affected and fixed versions =========================== Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 5.4.287 with commit 18fb33df1de83a014d7f784089f9b124facc157f Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 5.10.231 with commit afc1e3c00b3f5f0b4f1bc3e974fb9803cb938a90 Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 5.15.174 with commit 68e79b848196a0b0ec006009cc69da1f835d1ae8 Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 6.1.120 with commit 022e13518ba6cc1b4fdd291f49e4f57b2d5718e0 Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 6.6.64 with commit 7e3a8ea3d1ada7f707de5d9d504774b4191eab66 Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 6.12.4 with commit f25a9f1df1f6738acf1fa05595fb6060a2c08ff1 Issue introduced in 5.2 with commit 9085daa4abcc3a1c19ae4eb00e609842ef28275a and fixed in 6.13-rc1 with commit c174b53e95adf2eece2afc56cd9798374919f99a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56567 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/iio/adc/ad7780.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/18fb33df1de83a014d7f784089f9b124facc157f https://git.kernel.org/stable/c/afc1e3c00b3f5f0b4f1bc3e974fb9803cb938a90 https://git.kernel.org/stable/c/68e79b848196a0b0ec006009cc69da1f835d1ae8 https://git.kernel.org/stable/c/022e13518ba6cc1b4fdd291f49e4f57b2d5718e0 https://git.kernel.org/stable/c/7e3a8ea3d1ada7f707de5d9d504774b4191eab66 https://git.kernel.org/stable/c/f25a9f1df1f6738acf1fa05595fb6060a2c08ff1 https://git.kernel.org/stable/c/c174b53e95adf2eece2afc56cd9798374919f99a
Powered by blists - more mailing lists