PT-2024-8302 · Linux+10 · Linux Kernel+10

Published: 2024-03-02 · Updated: 2025-10-03 · CVE-2024-27059

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a divide-by-zero error in the isd200 sub-driver of the usb-storage component. The sub-driver uses the HEADS and SECTORS values from the ATA ID information to calculate cylinder and head values for READ or WRITE commands. If either value is 0, the calculation causes a crash. This could happen with a flawed or subversive emulation, as reported by the syzbot fuzzer. The protection is to refuse to bind to the device if either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID information is 0. This requires the isd200_Initialization() function to return a negative error code when initialization fails.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
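
The check the description calls for, as a user-space model added here for illustration; it is not the kernel's isd200 code. The word offsets, the struct and the function names `check_geometry` and `lba_to_chs` are assumptions, and the ID data is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Word offsets into the 256-word ATA IDENTIFY data, named after the
 * ATA_ID_HEADS / ATA_ID_SECTORS fields in the description (offsets
 * assumed from the kernel's ATA header). */
enum { ID_HEADS = 3, ID_SECTORS = 6, ID_WORDS = 256 };

struct chs { uint32_t cyl; uint16_t head; uint16_t sect; };

/* Hypothetical bind-time check: reject a device whose reported geometry
 * would later be used as a divisor, returning a negative error code. */
int check_geometry(const uint16_t *id)
{
    if (id[ID_HEADS] == 0 || id[ID_SECTORS] == 0)
        return -ENODEV;
    return 0;
}

/* LBA -> CHS translation: the division and modulus that crash when
 * HEADS or SECTORS is 0. Guarded here as a second line of defence. */
int lba_to_chs(const uint16_t *id, uint32_t lba, struct chs *out)
{
    uint16_t heads = id[ID_HEADS], sectors = id[ID_SECTORS];

    if (heads == 0 || sectors == 0)
        return -EINVAL;
    out->sect = (uint16_t)(lba % sectors + 1);      /* sectors are 1-based */
    out->head = (uint16_t)((lba / sectors) % heads);
    out->cyl  = lba / ((uint32_t)sectors * heads);
    return 0;
}

int main(void)
{
    uint16_t good[ID_WORDS] = {0}, bad[ID_WORDS] = {0};
    struct chs c = {0};

    good[ID_HEADS] = 16; good[ID_SECTORS] = 63;  /* constructed, sane ID */
    bad[ID_HEADS]  = 16; bad[ID_SECTORS]  = 0;   /* constructed, malformed ID */

    printf("good bind: %d\n", check_geometry(good));
    printf("bad bind:  %d\n", check_geometry(bad));
    if (lba_to_chs(good, 100, &c) == 0)
        printf("LBA 100 -> C=%u H=%u S=%u\n", (unsigned)c.cyl, (unsigned)c.head, (unsigned)c.sect);
    return 0;
}
```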

Exploit

Divide By Zero


Weakness Enumeration

Related Identifiers

ALSA-2024:3618
ALSA-2024:3627
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-55536
BDU:2024-09855
CESA-2024_3618
CESA-2024_3627
CVE-2024-27059
DLA-3840-1
DLA-3842-1
DSA-5681-1
INFSA-2024_3618
INFSA-2024_3627
OESA-2024-1677
OESA-2024-1678
OESA-2024-1679
OESA-2024-1680
OESA-2024-1681
OESA-2024-1682
OPENSUSE-SU-2024_1644-1
RHSA-2024:3618
RHSA-2024:3627
RHSA-2024_3618
RHSA-2024_3627
RHSA-2025:13135
RLSA-2024:3618
RLSA-2024:3627
SUSE-SU-2024:1644-1
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu