CVE-2024-39475

fbdev: savage: Handle err return when savagefb_check_var failed

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

fbdev: savage: Handle err return when savagefb_check_var failed

The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero")
checks the value of pixclock to avoid divide-by-zero error. However
the function savagefb_probe doesn't handle the error return of
savagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: savage: Maneja el retorno de error cuando falla savagefb_check_var. El commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock es igual a cero") verifica el valor de pixclock para evitar división por error cero. Sin embargo, la función savagefb_probe no maneja la devolución de error de savagefb_check_var. Cuando pixclock es 0, provocará un error de división por cero.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-25 CVE Reserved
2024-07-05 CVE Published
2024-07-09 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-369: Divide By Zero

CAPEC

References (16)

URL	Tag	Source
https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1	Vuln. Introduced
https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff	Vuln. Introduced
https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24	Vuln. Introduced
https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1	Vuln. Introduced
https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4	Vuln. Introduced
https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13	Vuln. Introduced
https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288	Vuln. Introduced
https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/be754cbd77eaf2932408a4e18532e4945274a5c7	2024-06-16
https://git.kernel.org/stable/c/86435f39c18967cdd937d7a49ba539cdea7fb547	2024-06-16
https://git.kernel.org/stable/c/32f92b0078ebf79dbe4827288e0acb50d89d3d5b	2024-06-16
https://git.kernel.org/stable/c/4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089	2024-06-16
https://git.kernel.org/stable/c/edaa57480b876e8203b51df7c3d14a51ea6b09e3	2024-06-16
https://git.kernel.org/stable/c/b8385ff814ca4cb7e63789841e6ec2a14c73e1e8	2024-06-16
https://git.kernel.org/stable/c/5f446859bfa46df0ffb34149499f48a2c2d8cd95	2024-06-16
https://git.kernel.org/stable/c/6ad959b6703e2c4c5d7af03b4cfd5ff608036339	2024-04-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.308 < 4.19.316 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.308 < 4.19.316"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.270 < 5.4.278 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.270 < 5.4.278"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.211 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.211 < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.150 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.150 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.80 < 6.1.94 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.80 < 6.1.94"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.19 < 6.6.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.19 < 6.6.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.9.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.9.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.7 Search vendor "Linux" for product "Linux Kernel" and version "6.7.7"		en		Affected