[SRU][N][PATCH 0/1] CVE-2024-50233
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Tue Jan 21 18:59:33 UTC 2025
[Impact]
staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
In the ad9832_write_frequency() function, clk_get_rate() might return 0.
This can lead to a division by zero when calling ad9832_calc_freqreg().
The check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect
against the case when fout is 0. The ad9832_write_frequency() function
is called from ad9832_write(), and fout is derived from a text buffer,
which can contain any value.
[Fix]
Oracular: Fixed via upstrem stable updates (96ddadd61f3c24)
Noble: Clean cherry pick from mainline
Jammy: Fixed via upstream stable updates (d2fddb830e0acc)
Focal: Fixed via upstream stable updates (86908c27f9a164)
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML
Trusty: Sent to ESM ML
[Test Case]
Compile tested only.
[Where problems could occur]
The fix affects the AD9832 driver in the Industrial I/O subsystem. An
issue with this fix may lead to kernel crashes, incorrect frequency or
phase output from the AD9832 device, or failures in signal generation.
Zicheng Qu (1):
staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg()
drivers/staging/iio/frequency/ad9832.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
2.43.0
More information about the kernel-team
mailing list