CVE-2022-49978
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, it is necessary to check whether denominator is zero to avoid crash. As this bug is found by Syzkaller, logs are listed below. divide error in pm2fb_check_var Call Trace: <TASK> fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-11-14
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2022-49978
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel 6.0
linux linux_kernel 6.0
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-369 The product divides a value by zero.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a potential divide by zero error in the Linux kernel's framebuffer device driver (fbdev), specifically in the pm2fb driver. When a certain ioctl command (FBIOPUT_VSCREENINFO) is processed, a variable 'pixclock' can be zero, and the code attempts to calculate its reciprocal without checking if it is zero first. This leads to a divide by zero error, which can cause the kernel to crash.


How can this vulnerability impact me? :

The vulnerability can cause the Linux kernel to crash due to a divide by zero error in the framebuffer driver. This can lead to system instability or denial of service, affecting the availability of the system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking system logs for the specific error message "divide error in pm2fb_check_var" and examining kernel call traces related to fbmem.c functions such as do_fb_ioctl and fb_set_var. You can use commands like `dmesg | grep 'divide error in pm2fb_check_var'` or `journalctl -k | grep 'divide error in pm2fb_check_var'` to find relevant kernel log entries indicating the issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the Linux kernel to a version where this divide by zero error in pm2fb_check_var has been fixed. Avoid using or triggering the FBIOPUT_VSCREENINFO ioctl command with zero pixclock values until the patch is applied. Monitoring logs for the error and restricting access to framebuffer ioctl operations can also help reduce risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart