VDB

CISA-2024-26777

CISA-2024-26777 PUBLISHED

Reported by Linux · Published April 3, 2024

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.

Affected Products

VendorProductVersions
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
LinuxLinux2.6.12, 0, 4.19.308
LinuxLinux*, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
linuxlinux_kernel2.6.12, 2.6.12, 2.6.12

Timeline

  • Apr 3, 2024 CVE Published
  • Jan 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›