| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022647-CVE-2021-47641-5a38@gregkh> Date: Wed, 26 Feb 2025 02:53:52 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47641: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Description =========== In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2 RIP: 0010:cirrusfb_check_var+0x6f1/0x1260 Call Trace: fb_set_var+0x398/0xf90 do_fb_ioctl+0x4b8/0x6f0 fb_ioctl+0xeb/0x130 __x64_sys_ioctl+0x19d/0x220 do_syscall_64+0x3a/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae The Linux kernel CVE team has assigned CVE-2021-47641 to this issue. Affected and fixed versions =========================== Fixed in 4.9.311 with commit c656d04247a2654ede5cead2ecbf83431dad5261 Fixed in 4.14.276 with commit 1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135 Fixed in 4.19.238 with commit 40b13e3d85744210db13457785646634e2d056bd Fixed in 5.4.189 with commit 53a2088a396cfa1da92690a1da289634cd73bf0d Fixed in 5.10.110 with commit 8c7e2141fb89c620ab4e41512e262fbf25b8260d Fixed in 5.15.33 with commit 6fe23ff94e7840097202e85c148688940b37c9b1 Fixed in 5.16.19 with commit 45800c42ef000f417270bcfc08630e42486fca99 Fixed in 5.17.2 with commit e498b504f8c81b07efab9febf8503448de4dc9cf Fixed in 5.18 with commit 5c6f402bdcf9e7239c6bc7087eda71ac99b31379 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47641 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/video/fbdev/cirrusfb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261 https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135 https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1 https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99 https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379
Powered by blists - more mailing lists