PT-2024-34064 · Linux+6 · Linux Kernel+6
Zicheng Qu · Published 2024-10-22 · Updated 2025-10-03 · CVE-2024-50232
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
A division by zero issue has been identified in the Linux kernel, specifically in the ad7124_set_channel_odr() function. This occurs when the val parameter in the ad7124_write_raw() function is zero, leading to a division by zero error when DIV_ROUND_CLOSEST() is called. The ad7124_write_raw() function is invoked through a sequence of calls, including iio_write_channel_raw(), iio_write_channel_attribute(), and iio_channel_write(), without checks to ensure val is non-zero.
Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider adding checks to ensure the val parameter is non-zero before invoking the ad7124_write_raw() function. Restrict access to the vulnerable function ad7124_set_channel_odr() to minimize the risk of exploitation.
Exploit
Fix
Divide By Zero
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
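The following user-space model illustrates the pattern from the description and the non-zero check from the recommendations. It is an added example, not the kernel driver's source or the upstream patch. The model_* names, the struct, the clock rate, the simplified unsigned DIV_ROUND_CLOSEST() and the use of the requested rate directly as the divisor are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified unsigned form of the kernel macro: divide, round to nearest. */
#define DIV_ROUND_CLOSEST(x, d) (((x) + ((d) / 2)) / (d))

/* Hypothetical stand-in for the driver state; values are constructed. */
struct model_state {
    unsigned int fclk_hz;       /* constructed clock rate */
    unsigned int odr_sel_bits;  /* result of the rate calculation */
};

/* Models the calculation: the divisor comes from the caller-supplied rate,
 * so odr == 0 faults here (SIGFPE in user space, an oops in the kernel). */
void model_set_channel_odr(struct model_state *st, unsigned int odr)
{
    st->odr_sel_bits = DIV_ROUND_CLOSEST(st->fclk_hz, odr);
}

/* "Before": val from the write path reaches the division unchecked. */
int model_write_raw_unchecked(struct model_state *st, int val)
{
    model_set_channel_odr(st, (unsigned int)val);
    return 0;
}

/* "After": reject a zero rate at the entry point, before any state changes. */
int model_write_raw_checked(struct model_state *st, int val)
{
    if (val == 0)
        return -EINVAL;
    model_set_channel_odr(st, (unsigned int)val);
    return 0;
}

int main(void)
{
    struct model_state st = { 614400u, 0 };  /* constructed sample input */

    printf("val=19200 -> ret=%d bits=%u\n",
           model_write_raw_checked(&st, 19200), st.odr_sel_bits);
    printf("val=0     -> ret=%d bits=%u (unchanged)\n",
           model_write_raw_checked(&st, 0), st.odr_sel_bits);
    /* model_write_raw_unchecked(&st, 0) would terminate the process here. */
    return 0;
}
```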