- Vulnerability/
- CVE-2024-26778
CVE-2024-26778: fbdev: savage: Error out if pixclock equals zero
First published: Wed Apr 03 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288
- https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4
- https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1
- https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24
- https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff
- https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1
- https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01
- https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13
- https://launchpad.net/bugs/cve/CVE-2024-26778
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26778
- https://nvd.nist.gov/vuln/detail/CVE-2024-26778
- https://security-tracker.debian.org/tracker/CVE-2024-26778
- https://ubuntu.com/security/CVE-2024-26778
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://git.kernel.org/linus/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288
Frequently Asked Questions
What is the severity of CVE-2024-26778?
CVE-2024-26778 has been classified as a security vulnerability that can lead to potential system crashes due to a divide-by-zero error.
How do I fix CVE-2024-26778?
To resolve CVE-2024-26778, users should upgrade to the fixed versions of the Linux kernel available, including versions 5.10.223-1, 5.10.226-1, 6.1.119-1, 6.1.123-1, 6.12.10-1, and 6.12.11-1.
Which Linux distributions are affected by CVE-2024-26778?
CVE-2024-26778 primarily affects Debian-based Linux distributions that utilize the vulnerable versions of the Linux kernel.
What happens if CVE-2024-26778 is exploited?
If exploited, CVE-2024-26778 can cause the userspace program to crash, potentially disrupting services and impacting system stability.
Is there a workaround for CVE-2024-26778?
Currently, the best course of action is to upgrade the affected kernel versions, as no official workarounds have been published.
- agent/severity
- agent/title
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-api
- source/NVD
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/debian