FKIE_CVE-2022-49978

Vulnerability from fkie_nvd - Published: 2025-06-18 11:15 - Updated: 2025-11-14 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, it is necessary to check whether denominator is zero to avoid crash. As this bug is found by Syzkaller, logs are listed below. divide error in pm2fb_check_var Call Trace: <TASK> fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37afPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.0
linux linux_kernel 6.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3433BB10-41AC-4CF0-B19A-0EC09FF26272",
              "versionEndExcluding": "4.9.327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42DF7D19-F259-47AF-8715-288480443B27",
              "versionEndExcluding": "4.14.292",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "379F570B-8101-4252-AE1C-B802D441D9B4",
              "versionEndExcluding": "4.19.257",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEFFBCD7-9B53-46AB-B3FD-53EAD80FD3E1",
              "versionEndExcluding": "5.4.212",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6872143E-BF6D-4DB5-8454-D843F608AB3B",
              "versionEndExcluding": "5.10.141",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81162A58-341F-455C-96D5-6DF30A0F9295",
              "versionEndExcluding": "5.15.65",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBCC9D9-2058-44E1-8A2E-ABC880E4DE50",
              "versionEndExcluding": "5.19.7",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info-\u003efbops-\u003efb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var-\u003epixclock` won\u0027t be modified. This function checks\nwhether reciprocal of `var-\u003epixclock` is too high. If `var-\u003epixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n \u003cTASK\u003e\n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: fb_pm2fb: Evitar posible error de divisi\u00f3n por cero En `do_fb_ioctl()` de fbmem.c, si cmd es FBIOPUT_VSCREENINFO, var se copiar\u00e1 del usuario, luego pasar\u00e1 por `fb_set_var()` e `info-\u0026gt;fbops-\u0026gt;fb_check_var()` que podr\u00edan ser `pm2fb_check_var()`. A lo largo de la ruta, `var-\u0026gt;pixclock` no se modificar\u00e1. Esta funci\u00f3n verifica si el rec\u00edproco de `var-\u0026gt;pixclock` es demasiado alto. Si `var-\u0026gt;pixclock` es cero, habr\u00e1 un error de divisi\u00f3n por cero. Por lo tanto, es necesario verificar si el denominador es cero para evitar un bloqueo. Como Syzkaller encontr\u00f3 este error, los registros se enumeran a continuaci\u00f3n. Error de divisi\u00f3n en el seguimiento de llamadas pm2fb_check_var:  fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
    }
  ],
  "id": "CVE-2022-49978",
  "lastModified": "2025-11-14T18:16:04.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-18T11:15:25.243",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37af"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.