CVE-2024-38619

Updated: 2024-09-11 03:50:02.508105

Description:

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). - Add a member "media_initialized" to struct alauda_info. - Change a condition in alauda_check_media() to ensure the first initialization. - Add an error check for the return value of alauda_init_media().


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Released CLSA-2024:1728936982 2024-10-14 17:36:48
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM In Testing 2024-10-14 05:32:50
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-09-11 12:12:07
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-09-11 12:12:04
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-09-24 05:38:46
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-09-24 05:38:47
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-09-24 05:38:45
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-09-11 12:12:07
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-09-11 12:12:03
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-09-11 12:12:04
Total: 13