CVE-2024-50232
📋 TL;DR
A division by zero vulnerability exists in the Linux kernel's AD7124 ADC driver when setting channel output data rates. This can cause kernel panics or system crashes on devices using this driver. Systems running vulnerable Linux kernel versions with AD7124 hardware are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical reboot of affected hardware.
Likely Case
System instability or crash when applications attempt to configure AD7124 ADC channels with zero values.
If Mitigated
No impact if the vulnerable driver is not loaded or AD7124 hardware is not present.
🎯 Exploit Status
Requires ability to write to the vulnerable iio interface, typically requiring local access or compromised application with appropriate permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (see references)
Vendor Advisory: https://git.kernel.org/stable/c/0ac0beb4235a9a474f681280a3bd4e2a5bb66569
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version containing the fix. 2. Reboot the system to load the new kernel. 3. Verify the AD7124 driver is functioning correctly.
🔧 Temporary Workarounds
Unload AD7124 driver
linuxRemove the vulnerable kernel module if AD7124 hardware is not required
sudo rmmod ad7124
Blacklist AD7124 driver
linuxPrevent the driver from loading at boot
echo 'blacklist ad7124' | sudo tee /etc/modprobe.d/blacklist-ad7124.conf
🧯 If You Can't Patch
- Restrict access to iio device files to trusted users only
- Monitor system logs for kernel panic events related to AD7124
🔍 How to Verify
Check if Vulnerable:
Check if AD7124 driver is loaded: lsmod | grep ad7124Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions in references, and verify driver loads without issues📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Division by zero errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("division by zero" OR "panic" OR "ad7124")🔗 References
- https://git.kernel.org/stable/c/0ac0beb4235a9a474f681280a3bd4e2a5bb66569
- https://git.kernel.org/stable/c/3dc0eda2cd5c653b162852ae5f0631bfe4ca5e95
- https://git.kernel.org/stable/c/4f588fffc307a4bc2761aee6ff275bb4b433e451
- https://git.kernel.org/stable/c/efa353ae1b0541981bc96dbf2e586387d0392baa
- https://git.kernel.org/stable/c/f51343f346e6abde094548a7fb34472b0d4cae91
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
