Bug 2348252 (CVE-2021-47641) - CVE-2021-47641 kernel: video: fbdev: cirrusfb: check pixclock to avoid divide by zero
Summary: CVE-2021-47641 kernel: video: fbdev: cirrusfb: check pixclock to avoid divide...
Keywords:
Status: NEW
Alias: CVE-2021-47641
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:22 UTC by OSIDB Bzimport
Modified: 2025-02-26 18:37 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:22:56 UTC 
In the Linux kernel, the following vulnerability has been resolved:

video: fbdev: cirrusfb: check pixclock to avoid divide by zero

Do a sanity check on pixclock value to avoid divide by zero.

If the pixclock value is zero, the cirrusfb driver will round up
pixclock to get the derived frequency as close to maxclock as
possible.

Syzkaller reported a divide error in cirrusfb_check_pixclock.

divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2
RIP: 0010:cirrusfb_check_var+0x6f1/0x1260

Call Trace:
 fb_set_var+0x398/0xf90
 do_fb_ioctl+0x4b8/0x6f0
 fb_ioctl+0xeb/0x130
 __x64_sys_ioctl+0x19d/0x220
 do_syscall_64+0x3a/0x80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
Comment 1 Avinash Hanwate 2025-02-26 14:16:02 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2021-47641-5a38@gregkh/T
Comment 2 Avinash Hanwate 2025-02-26 18:26:38 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2021-47641-5a38@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.