CVE-2024-50205

Summary

CVE-2024-50205 is a vulnerability affecting the Linux kernel's ALSA (Advanced Linux Sound Architecture) subsystem, specifically the firewire-lib component. The issue arises from a division by zero flaw in the apply_constraint_to_size() function. The variable 'step' is initialized to zero but not always updated in the loop, leading to potential division by zero. This vulnerability was introduced by commit 826b5de90c0b and could not be easily triggered due to the complex conditions required. The Linux Verification Center (linuxtesting.org) uncovered this issue with the aid of the Security Vulnerability Analysis and Verification Environment (SVACE).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.