CVE-2024-50287

media: v4l2-tpg: prevent the risk of a division by zero

Description

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero. If this ever happens, this will cause a division by zero. Instead, add a WARN_ON_ONCE() to trigger such cases and return without doing any precalculation.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a patch
https://git.kernel.org/stable/c/0bfc6e38ee2250f0503d96f1a1de441c31d88715 patch
https://git.kernel.org/stable/c/054931ca3cfcb8e8fa036e887d6f379942b02565 patch
https://git.kernel.org/stable/c/a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47 patch
https://git.kernel.org/stable/c/c63c30c9d9f2c8de34b16cd2b8400240533b914e patch
https://git.kernel.org/stable/c/2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47 patch
https://git.kernel.org/stable/c/0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21 patch
https://git.kernel.org/stable/c/e6a3ea83fbe15d4818d01804e904cbb0e64e543b patch

Frequently Asked Questions

What is the severity of CVE-2024-50287?
CVE-2024-50287 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50287?
To fix CVE-2024-50287, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50287 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50287 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50287?
CVE-2024-50287 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.