From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
Date: Fri, 8 Nov 2024 07:08:06 +0100
Message-ID: <2024110805-CVE-2024-50205-e583@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

The step variable is initialized to zero. It is changed in the loop,
but if it's not changed it will remain zero. Add a variable check
before the division.

The observed behavior was introduced by commit 826b5de90c0b
("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"),
and it is difficult to show that any of the interval parameters will
satisfy the snd_interval_test() condition with data from the
amdtp_rate_table[] table.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

The Linux kernel CVE team has assigned CVE-2024-50205 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 4.20 with commit 826b5de90c0b and fixed in 5.15.170 with commit 7d4eb9e22131
	Issue introduced in 4.20 with commit 826b5de90c0b and fixed in 6.1.115 with commit d2826873db70
	Issue introduced in 4.20 with commit 826b5de90c0b and fixed in 6.6.59 with commit 4bdc21506f12
	Issue introduced in 4.20 with commit 826b5de90c0b and fixed in 6.11.6 with commit 3452d39c4704
	Issue introduced in 4.20 with commit 826b5de90c0b and fixed in 6.12-rc5 with commit 72cafe63b35d

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50205
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	sound/firewire/amdtp-stream.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/7d4eb9e22131ec154e638cbd56629195c9bcbe9a
	https://git.kernel.org/stable/c/d2826873db70a6719cdd9212a6739f3e6234cfc4
	https://git.kernel.org/stable/c/4bdc21506f12b2d432b1f2667e5ff4c75eee58e3
	https://git.kernel.org/stable/c/3452d39c4704aa12504e4190298c721fb01083c3
	https://git.kernel.org/stable/c/72cafe63b35d06b5cfbaf807e90ae657907858da
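
The guard described in the Description above, as an added userspace C model that is not the kernel's code and not part of the original advisory. `constrain_size()`, `interval_test()`, `struct interval` and the table values are simplified stand-ins assumed here for `apply_constraint_to_size()`, `snd_interval_test()` and `amdtp_rate_table[]`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's struct snd_interval (closed range). */
struct interval { unsigned int min, max; };

/* Illustrative tables for this model: sampling rates and per-rate step. */
static const unsigned int rate_table[] = { 32000, 44100, 48000, 88200, 96000, 176400, 192000 };
static const unsigned int step_table[] = { 8, 8, 8, 16, 16, 32, 32 };
#define RATE_COUNT (sizeof(rate_table) / sizeof(rate_table[0]))

/* Model of snd_interval_test(): does val lie inside the interval? */
static int interval_test(const struct interval *i, unsigned int val)
{
	return val >= i->min && val <= i->max;
}

/* Model of apply_constraint_to_size(): shrink *s to multiples of the largest
 * step whose rate lies inside *r. Returns 0, or -EINVAL with *s untouched. */
static int constrain_size(struct interval *s, const struct interval *r)
{
	unsigned int step = 0, rem, lo, hi;
	size_t i;

	for (i = 0; i < RATE_COUNT; i++)
		if (interval_test(r, rate_table[i]) && step_table[i] > step)
			step = step_table[i];

	/* The fix: no rate matched, so step is still 0 and must not be a divisor. */
	if (step == 0)
		return -EINVAL;

	rem = s->min % step;
	lo = rem ? s->min + (step - rem) : s->min;	/* round min up */
	hi = s->max - s->max % step;			/* round max down */
	if (lo < s->min || lo > hi)			/* wrapped or empty */
		return -EINVAL;
	s->min = lo;
	s->max = hi;
	return 0;
}

int main(void)
{
	struct interval size = { 100, 1000 }, rate = { 50000, 60000 };

	/* Constructed input: a rate range that contains no table entry. */
	printf("no matching rate -> %d\n", constrain_size(&size, &rate));
	return 0;
}
```

Removing the `step == 0` check from this model reproduces the pre-fix shape: the modulo operations run with a zero divisor whenever the rate interval contains no table entry.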