CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Check whether the media is initialized
The Linux kernel CVE team has assigned CVE-2024-38619 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024062035-CVE-2024-38619-97c7@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Check whether the media is initialized
The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba().
- Add a member "media_initialized" to struct alauda_info.
- Change a condition in alauda_check_media() to ensure the first initialization.
- Add an error check for the return value of alauda_init_media().
— NVD
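The failure mode and the three-part fix described above, modelled in user space as an added example; this is not the kernel driver's code. The struct, the shortened function names, the `patched` switch, the zone size of 1000 and the negative return codes are assumptions of the model.

```c
/* User-space model of the pattern; constructed, not the kernel driver's code. */
#include <stdio.h>

enum { READ_REJECTED = -1, READ_DIVIDE_BY_ZERO = -2 };
struct media {
    unsigned int uzonesize;  /* stays 0 until initialization succeeds */
    int media_initialized;   /* the member the fix adds */
};

/* Stands in for alauda_init_media(): a failure leaves uzonesize untouched. */
static int init_media(struct media *m, int dev_ok)
{
    if (!dev_ok)
        return -1;
    m->uzonesize = 1000;     /* constructed zone size */
    return 0;
}

/* Stands in for alauda_check_media(); 'patched' selects the fixed logic. */
static int check_media(struct media *m, int patched, int changed, int dev_ok)
{
    if (!patched) {
        if (changed)
            init_media(m, dev_ok);     /* return value ignored */
        return 0;                      /* always reports the media as ready */
    }
    if (changed || !m->media_initialized)  /* also covers the first use */
        m->media_initialized = (init_media(m, dev_ok) == 0);
    return m->media_initialized ? 0 : -1;  /* failure reaches the caller */
}

/* Read path: returns the zone for lba, or a negative code instead of lba / 0. */
static long read_lba(struct media *m, int patched, int changed, int dev_ok,
                     unsigned int lba)
{
    if (check_media(m, patched, changed, dev_ok) != 0)
        return READ_REJECTED;
    if (m->uzonesize == 0)
        return READ_DIVIDE_BY_ZERO;    /* site of the kernel's divide error */
    return lba / m->uzonesize;
}

int main(void)
{
    struct media a = {0, 0}, b = {0, 0};
    printf("unpatched: %ld\n", read_lba(&a, 0, 1, 0, 2500));
    printf("patched:   %ld\n", read_lba(&b, 1, 1, 0, 2500));
    return 0;
}
```

In the unpatched path a later request with no media change still reaches the zero divisor, while the patched path retries initialization because `media_initialized` is still 0.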
Linux Kernel is vulnerable to a denial of service, caused by a flaw in Usb-Storage: Alauda. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-38619?
CVE-2024-38619 has been classified with a severity rating that requires assessment based on the impacted systems and configurations.
How do I fix CVE-2024-38619?
To fix CVE-2024-38619, update the Linux kernel to the recommended versions provided by your distribution.
What systems are affected by CVE-2024-38619?
CVE-2024-38619 affects various versions of the Linux kernel across both Red Hat and Debian distributions.
Is there a workaround for CVE-2024-38619?
Currently, there are no known workarounds for CVE-2024-38619, and updating is the recommended course of action.
What are the potential risks of CVE-2024-38619?
Exploitation of CVE-2024-38619 could lead to unauthorized access or manipulation of the USB storage devices on affected systems.