PT-2024-7696 · Linux+5 · Linux Kernel+5

Fullway Wang

Published

2024-01-21

Updated

2025-02-27

CVE-2024-26778

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a divide-by-zero error in the savagefb check var() function. A userspace program can pass any values to the driver through the ioctl() interface, potentially causing a divide-by-zero error if the pixclock value is not properly checked. The error occurs because pixclock is not checked properly in savagefb probe(), although it is checked in savagefb decode var(). The fix involves checking whether pixclock is zero in the savagefb check var() function before using info->var.pixclock as the divisor.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

BDU:2024-09153

CVE-2024-26778

DLA-3840-1

DLA-3842-1

DSA-5658-1

DSA-5681-1

OESA-2024-1520

OESA-2024-1524

OESA-2024-1526

OESA-2024-1535

OESA-2024-1536

OESA-2024-1541

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1870-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2190-1

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6831-1

USN-6867-1

USN-6871-1

USN-6892-1

USN-6919-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-7696 · Linux+5 · Linux Kernel+5

CVE-2024-26778

Weakness Enumeration

Related Identifiers

Affected Products

References · 2065