fkie_cve-2024-26777
Vulnerability from fkie_nvd
Published
2024-04-03 17:15
Modified
2024-11-21 09:03
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var-\u003epixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: sis: error si pixclock es igual a cero. El programa de espacio de usuario podr\u00eda pasar cualquier valor al controlador a trav\u00e9s de la interfaz ioctl(). Si el controlador no verifica el valor de pixclock, puede causar un error de divisi\u00f3n por cero. En sisfb_check_var(), var-\u0026gt;pixclock se usa como divisor para calcular la velocidad antes de compararla con cero. Solucione este problema marc\u00e1ndolo al principio. Esto es similar a CVE-2022-3061 en i740fb que se solucion\u00f3 mediante el commit 15cf0b8."
    }
  ],
  "id": "CVE-2024-26777",
  "lastModified": "2024-11-21T09:03:02.893",
  "metrics": {},
  "published": "2024-04-03T17:15:53.303",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.