| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061831-CVE-2022-50010-a0ff@gregkh>
Date: Wed, 18 Jun 2025 13:01:15 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50010: video: fbdev: i740fb: Check the argument of i740_calc_vclk()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
Since the user can control the arguments of the ioctl() from the user
space, under special arguments that may result in a divide-by-zero bug.
If the user provides an improper 'pixclock' value that makes the argumet
of i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a
divide-by-zero bug in:
drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));
The following log can reveal it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI
RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]
RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]
RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742
Call Trace:
fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034
do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110
fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
Fix this by checking the argument of i740_calc_vclk() first.
The Linux kernel CVE team has assigned CVE-2022-50010 to this issue.
Affected and fixed versions
===========================
Fixed in 4.9.326 with commit 59cefb583c984c0da8cf21a4c57d26d5a20dff5c
Fixed in 4.14.291 with commit 656689cb03ada4650016c153346939a1c334b1ae
Fixed in 4.19.256 with commit d2d375eb68b4b8de6ea7460483a26fa9de56b443
Fixed in 5.4.211 with commit 2b7f559152a33c55f51b569b22efbe5e24886798
Fixed in 5.10.138 with commit 4b20c61365140d432dee7da7aa294215e7b900d9
Fixed in 5.15.63 with commit e740e787f06671455b59d1e498c9945f7b4e7b3b
Fixed in 5.19.4 with commit f350812e2d15278f1d867eeb997407782234fb3c
Fixed in 6.0 with commit 40bf722f8064f50200b8c4f8946cd625b441dda9
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50010
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/video/fbdev/i740fb.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/59cefb583c984c0da8cf21a4c57d26d5a20dff5c
https://git.kernel.org/stable/c/656689cb03ada4650016c153346939a1c334b1ae
https://git.kernel.org/stable/c/d2d375eb68b4b8de6ea7460483a26fa9de56b443
https://git.kernel.org/stable/c/2b7f559152a33c55f51b569b22efbe5e24886798
https://git.kernel.org/stable/c/4b20c61365140d432dee7da7aa294215e7b900d9
https://git.kernel.org/stable/c/e740e787f06671455b59d1e498c9945f7b4e7b3b
https://git.kernel.org/stable/c/f350812e2d15278f1d867eeb997407782234fb3c
https://git.kernel.org/stable/c/40bf722f8064f50200b8c4f8946cd625b441dda9
Powered by blists - more mailing lists