CVE-2024-26777

MEDIUM

Linux Kernel - Divide By Zero via sisfb_check_var() Pixclock Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.

References (10)

Core 10
Core References

Scores

CVSS v3 5.5
EPSS 0.0025
EPSS Percentile 16.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-369
Status published
Products (28)
debian/debian_linux 10.0
linux/Kernel 2.6.12 - 4.19.308linux
linux/Kernel 4.20.0 - 5.4.270linux
linux/Kernel 5.11.0 - 5.15.150linux
linux/Kernel 5.16.0 - 6.1.80linux
linux/Kernel 5.5.0 - 5.10.211linux
linux/Kernel 6.2.0 - 6.6.19linux
linux/Kernel 6.7.0 - 6.7.7linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1d11dd3ea5d039c7da089f309f39c4cd363b924b
... and 18 more
Published Apr 03, 2024
Tracked Since Feb 18, 2026