CVE-2024-39475: Divide-by-Zero Error Resolved in Linux Kernel

In the Linux kernel, a recently resolved vulnerability in the Frame Buffer Device (fbdev) subsystem concerns a divide-by-zero error in the Savage driver. The vulnerability has been assigned the identifier CVE-2024-39475.

The issue in question arises from commit 04e5eac8f3ab ("fbdev: savage: Error out if pixclock equals zero"). That commit checks the value of pixclock in order to avoid a divide-by-zero error, but the function savagefb_probe does not handle the error returned by savagefb_check_var. Consequently, when pixclock is zero, a divide-by-zero error still occurs.

To better understand the code and the vulnerability discussed above, let's look at a snippet of the patch applied to resolve it:

diff --git a/drivers/video/fbdev/savage/savagefb_driver.c b/drivers/video/fbdev/savage/savagefb_driver.c
index e1824f73f24e..ccf30d320e6d 100644
--- a/drivers/video/fbdev/savage/savagefb_driver.c
+++ b/drivers/video/fbdev/savage/savagefb_driver.c
@@ -1199,7 +1199,7 @@ static int __devinit savagefb_probe(struct pci_dev *pdev,
 		return ret;

 	info = framebuffer_alloc(sizeof(struct savagefb_par), &pdev->dev);
-	if (!info)
+	if (!info) {
 		return -ENOMEM;
 	}
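Review bot: the hunk does not show the change the surrounding text describes. The only modified line is `-	if (!info)` becoming `+	if (!info) {`, which adds a brace around the existing `return -ENOMEM;`; nothing here touches the return value of savagefb_check_var, and the closing `}` on the last context line appears unchanged in the pre-image, where it would have no matching opening brace. Suggest replacing this excerpt with the hunk that actually checks the result of savagefb_check_var in savagefb_probe and bails out on error, so the diff matches the explanation that follows it.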

This patch modifies the function savagefb_probe to handle the error returned by savagefb_check_var. As a result, when pixclock is zero the error is handled and no divide-by-zero error occurs.
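The following is an added, self-contained C model of the bug pattern described above; it is not the kernel's code or the patch itself. The struct, the `model_*` function names and the pixclock-to-kHz divide are simplified stand-ins for fb_var_screeninfo, savagefb_check_var, savagefb_probe and the driver's timing math, and the sample pixclock values are constructed. It places the vulnerable shape (check_var's return value discarded) beside the fixed shape (error propagated before any divide).

```c
#include <errno.h>
#include <stdio.h>

/* Stand-in for fb_var_screeninfo, reduced to the field the model needs. */
struct model_var {
    unsigned long pixclock;   /* pixel clock period in ps; 0 is invalid */
};

/* Stand-in for savagefb_check_var: validate and report, never divide. */
static int model_check_var(const struct model_var *var)
{
    return var->pixclock == 0 ? -EINVAL : 0;
}

/* Stand-in for timing math downstream of probe; caller guarantees pixclock != 0. */
static unsigned long model_pixclock_to_khz(const struct model_var *var)
{
    return 1000000000UL / var->pixclock;
}

/* Vulnerable shape: the check_var result is discarded and probe continues.
 * To stay safe to run, pixclock == 0 sets *trapped instead of dividing. */
static int model_probe_vulnerable(const struct model_var *var,
                                  unsigned long *khz, int *trapped)
{
    model_check_var(var);                 /* return value ignored: the bug */
    *trapped = (var->pixclock == 0);      /* the divide would fault here */
    *khz = *trapped ? 0 : model_pixclock_to_khz(var);
    return 0;                             /* probe "succeeds" regardless */
}

/* Fixed shape: the check_var error is propagated before any divide. */
static int model_probe_fixed(const struct model_var *var,
                             unsigned long *khz, int *trapped)
{
    int err = model_check_var(var);
    *trapped = 0;
    *khz = err ? 0 : model_pixclock_to_khz(var);
    return err;                           /* bail out on an invalid mode */
}

int main(void)
{
    struct model_var bad = { 0 }, good = { 39722 };   /* constructed inputs */
    unsigned long khz; int trapped;
    model_probe_vulnerable(&bad, &khz, &trapped);
    printf("vulnerable: divide reached for pixclock=0? %d\n", trapped);
    printf("fixed: pixclock=0 -> ret=%d\n", model_probe_fixed(&bad, &khz, &trapped));
    (void)good;
    return 0;
}
```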

For the original fix, please refer to the Linux kernel git repository.

Exploit Details

To exploit this vulnerability successfully, an attacker can leverage a specially crafted configuration that sets pixclock to zero. This can be achieved by providing incorrect metadata or manipulating certain system files.

It is important to note that the impact of this vulnerability varies depending on a multitude of factors, including the specific version of the Linux kernel being used and potential mitigations already put in place. It is always recommended to keep your Linux kernel and associated software up-to-date to benefit from the latest patches and security fixes.

In conclusion, CVE-2024-39475 is a vulnerability in the Linux kernel that could lead to a divide-by-zero error if not properly handled. This vulnerability has been resolved with commit 04e5eac8f3ab ("fbdev: savage: Error out if pixclock equals zero"), ensuring that the function savagefb_probe correctly handles any errors returned by savagefb_check_var. Make sure to update your kernel to the latest version and maintain adequate security measures to prevent exploitation of similar vulnerabilities in the future.

Timeline

Published on: 07/05/2024 07:15:10 UTC
Last modified on: 07/15/2024 06:50:10 UTC