fkie_cve-2022-49978
Vulnerability from fkie_nvd
Published
2025-06-18 11:15
Modified
2025-06-18 13:46
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, it is necessary to check whether denominator is zero to avoid crash. As this bug is found by Syzkaller, logs are listed below. divide error in pm2fb_check_var Call Trace: <TASK> fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37af
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info-\u003efbops-\u003efb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var-\u003epixclock` won\u0027t be modified. This function checks\nwhether reciprocal of `var-\u003epixclock` is too high. If `var-\u003epixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n \u003cTASK\u003e\n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: fb_pm2fb: Evitar posible error de divisi\u00f3n por cero En `do_fb_ioctl()` de fbmem.c, si cmd es FBIOPUT_VSCREENINFO, var se copiar\u00e1 del usuario, luego pasar\u00e1 por `fb_set_var()` e `info-\u0026gt;fbops-\u0026gt;fb_check_var()` que podr\u00edan ser `pm2fb_check_var()`. A lo largo de la ruta, `var-\u0026gt;pixclock` no se modificar\u00e1. Esta funci\u00f3n verifica si el rec\u00edproco de `var-\u0026gt;pixclock` es demasiado alto. Si `var-\u0026gt;pixclock` es cero, habr\u00e1 un error de divisi\u00f3n por cero. Por lo tanto, es necesario verificar si el denominador es cero para evitar un bloqueo. Como Syzkaller encontr\u00f3 este error, los registros se enumeran a continuaci\u00f3n. Error de divisi\u00f3n en el seguimiento de llamadas pm2fb_check_var:  fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
    }
  ],
  "id": "CVE-2022-49978",
  "lastModified": "2025-06-18T13:46:52.973",
  "metrics": {},
  "published": "2025-06-18T11:15:25.243",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37af"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.