PT-2024-4396 · Linux+9 · Linux Kernel+9
Xingwei Lee
+1
·
Published
2024-06-04
·
Updated
2025-09-29
·
CVE-2024-38619
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the
alauda init media() function in the Linux kernel, which can cause divide errors in alauda read data() and alauda write lba() if it fails. This is due to the uzonesize member of struct alauda info remaining 0. The vulnerability can potentially lead to a denial of service. To resolve the issue, a member media initialized has been added to struct alauda info, a condition in alauda check media() has been changed, and an error check for the return value of alauda init media() has been added.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Use of Uninitialized Resource
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu