Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
fbdev: fb_pm2fb: Avoid potential divide by zero error
In do_fb_ioctl() of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be
copied from user, then go through fb_set_var() and
info->fbops->fb_check_var() which could may be pm2fb_check_var().
Along the path, var->pixclock won’t be modified. This function checks
whether reciprocal of var->pixclock is too high. If var->pixclock is
zero, there will be a divide by zero error. So, it is necessary to check
whether denominator is zero to avoid crash. As this bug is found by
Syzkaller, logs are listed below.
divide error in pm2fb_check_var
Call Trace:
Details
- Affected product:
- AlmaLinux 9.2 ESU , CentOS 6 ELS , CentOS 7 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , CloudLinux 6 ELS , CloudLinux 7 ELS , Oracle Linux 6 ELS , Oracle Linux 7 ELS , RHEL 7 ELS , TuxCare 9.6 ESU , Ubuntu 16.04 ELS , Ubuntu 18.04 ELS , Ubuntu 20.04 ELS
- Affected packages:
- kernel @ 2.6.32 (+16 more)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: fb_pm2fb: Avoid potential divide by zero error
In do_fb_ioctl() of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be
copied from user, then go through fb_set_var() and
info->fbops->fb_check_var() which could may be pm2fb_check_var().
Along the path, var->pixclock won’t be modified. This function checks
whether reciprocal of var->pixclock is too high. If var->pixclock is
zero, there will be a divide by zero error. So, it is necessary to check
whether denominator is zero to avoid crash. As this bug is found by
Syzkaller, logs are listed below.
divide error in pm2fb_check_var
Call Trace: