CVE-2024-50232: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50232 is a division by zero vulnerability discovered in the Linux kernel's AD7124 ADC driver. The vulnerability was identified on October 22, 2024, and affects the ad7124_write_raw() function where the parameter val can potentially be zero, leading to a division by zero condition when DIV_ROUND_CLOSEST() is called within ad7124_set_channel_odr(). The vulnerability affects Linux kernel versions from 5.13 through 6.11.7 (NVD).

The vulnerability exists in the Linux kernel's Industrial I/O (IIO) subsystem, specifically in the AD7124 ADC driver. The issue occurs in the ad7124_write_raw() function which can be called through the sequence: iio_write_channel_raw() -> iio_write_channel_attribute() -> iio_channel_write(). The function lacks proper validation to ensure the 'val' parameter is non-zero before performing division operations. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a division by zero error when DIV_ROUND_CLOSEST() is called within ad7124_set_channel_odr(), potentially causing a kernel crash or denial of service condition. The impact is limited to systems using the AD7124 ADC driver (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves adding a check for val == 0 in the ad7124_write_raw() function to prevent the division by zero condition. The patch has been backported to affected stable kernel versions. Users should update to the patched kernel versions: 5.15.171, 6.1.116, 6.6.60, or 6.11.7 and later (Kernel Patch).