{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26777", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.177Z", "datePublished": "2024-04-03T17:01:02.935Z", "dateUpdated": "2024-11-05T09:15:37.485Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:15:37.485Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/video/fbdev/sis/sis_main.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "84246c35ca34", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6db07619d173", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "cd36da760bd1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "df6e2088c6f4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f329523f6a65", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "99f1abc34a6d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1d11dd3ea5d0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e421946be7d9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/video/fbdev/sis/sis_main.c"], "versions": [{"version": "4.19.308", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.270", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.211", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"}, {"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"}, {"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"}, {"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"}, {"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"}, {"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"}, {"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"}, {"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"}], "title": "fbdev: sis: Error out if pixclock equals zero", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26777", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:10:58.840983Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:30.706Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.470Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26777", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:10:58.840983Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.763Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "fbdev: sis: Error out if pixclock equals zero", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "84246c35ca34", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "6db07619d173", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "cd36da760bd1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "df6e2088c6f4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f329523f6a65", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "99f1abc34a6d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1d11dd3ea5d0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e421946be7d9", "versionType": "git"}], "programFiles": ["drivers/video/fbdev/sis/sis_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.308", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.270", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.211", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.150", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.19", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/video/fbdev/sis/sis_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"}, {"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"}, {"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"}, {"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"}, {"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"}, {"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"}, {"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"}, {"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:22:32.770Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26777", "state": "PUBLISHED", "dateUpdated": "2024-05-29T05:22:32.770Z", "dateReserved": "2024-02-19T14:20:24.177Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-03T17:01:02.935Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: sis: error si pixclock es igual a cero. El programa de espacio de usuario podr\u00eda pasar cualquier valor al controlador a trav\u00e9s de la interfaz ioctl(). Si el controlador no verifica el valor de pixclock, puede causar un error de divisi\u00f3n por cero. En sisfb_check_var(), var->pixclock se usa como divisor para calcular la velocidad antes de compararla con cero. Solucione este problema marc\u00e1ndolo al principio. Esto es similar a CVE-2022-3061 en i740fb que se solucion\u00f3 mediante el commit 15cf0b8."}], "id": "CVE-2024-26777", "lastModified": "2024-11-05T10:15:49.030", "metrics": {}, "published": "2024-04-03T17:15:53.303", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: fbdev: sis: Error out if pixclock equals zero", "id": "2273228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273228"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-369", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfbdev: sis: Error out if pixclock equals zero\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."], "name": "CVE-2024-26777", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26777\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26777\nhttps://lore.kernel.org/linux-cve-announce/2024040309-CVE-2024-26777-3c7c@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.19.308, kernel 5.4.270, kernel 5.10.211, kernel 5.15.150, kernel 6.1.80, kernel 6.6.19, kernel 6.7.7, kernel 6.8"}