PT-2025-25904 · Linux+2 · Linux Kernel+2

Published

2022-08-18

Updated

2025-07-28

CVE-2022-49978

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential divide by zero error has been identified in the Linux kernel, specifically in the fb pm2fb function of the fbdev module. This issue arises when the do fb ioctl() function in fbmem.c processes a user-provided var structure, which is then passed through fb set var() and info->fbops->fb check var(), potentially calling pm2fb check var(). The error occurs when the var->pixclock value is zero, causing a division by zero in the pm2fb check var() function. This bug was discovered by Syzkaller, a kernel fuzzing tool.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

BDU:2026-04501

CVE-2022-49978

SUSE-SU-2025:02264-1

SUSE-SU-2025:02308-1

SUSE-SU-2025:02320-1

SUSE-SU-2025:02321-1

SUSE-SU-2025:02322-1

SUSE-SU-2025:02334-1

SUSE-SU-2025:02537-1

SUSE-SU-2025:2264-1

SUSE-SU-2025_02264-1

SUSE-SU-2025_02308-1

SUSE-SU-2025_02334-1

SUSE-SU-2025_02537-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-25904 · Linux+2 · Linux Kernel+2

CVE-2022-49978

Weakness Enumeration

Related Identifiers

Affected Products

References · 745