{ "id": "CVE-2024-26778", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T17:15:53.370", "lastModified": "2025-02-27T14:36:27.373", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo->var.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8." }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: savage: error si pixclock es igual a cero. El programa de espacio de usuario podr\u00eda pasar cualquier valor al controlador a trav\u00e9s de la interfaz ioctl(). Si el controlador no verifica el valor de pixclock, puede causar un error de divisi\u00f3n por cero. Aunque pixclock est\u00e1 marcado en savagefb_decode_var(), no est\u00e1 marcado correctamente en savagefb_probe(). Solucione este problema verificando si pixclock es cero en la funci\u00f3n savagefb_check_var() antes de usar info->var.pixclock como divisor. Esto es similar a CVE-2022-3061 en i740fb que se solucion\u00f3 mediante el commit 15cf0b8." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-369" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.308", "matchCriteriaId": "B6FB6042-3E0F-4A36-8DED-B3C350612BDC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.270", "matchCriteriaId": "5D8044B1-C7E8-44A4-9F03-A4D7BCDB1721" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.211", "matchCriteriaId": "7DDA4DCF-671D-415D-94DF-6E3C77DF0704" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.150", "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.80", "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.19", "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.7.7", "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ] } ] }