CVE-2022-50102

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0. and then in: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock); we'll get a division-by-zero. The following log can reveal it: divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline] RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784 Call Trace: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Fix this by checking the argument of ark_set_pixclock() first.

References

Link	Resource
https://git.kernel.org/stable/c/0288fa799e273b08839037499d704dc7bdc13e9a	Patch
https://git.kernel.org/stable/c/15661642511b2b192077684a89f42a8d95d54286	Patch
https://git.kernel.org/stable/c/236c1502520b7b08955467ec2e50b3232e34f1f9	Patch
https://git.kernel.org/stable/c/2f1c4523f7a3aaabe7e53d3ebd378292947e95c8	Patch
https://git.kernel.org/stable/c/76b3f0a0b56e53a960a14624a0f48b3d94b5e7e7	Patch
https://git.kernel.org/stable/c/9ebc5031958c1f3a2795e4533b4091d77c738d14	Patch
https://git.kernel.org/stable/c/a249e1b89ca25e1c34bdf96154e3f6224a91a9af	Patch
https://git.kernel.org/stable/c/b9a66f23612b84617e04412169e155a4b92f632d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

19 Nov 2025, 13:43

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: arkfb: Corrige un error de división por cero en ark_set_pixclock() Dado que el usuario puede controlar los argumentos de ioctl() desde el espacio de usuario, bajo argumentos especiales que pueden resultar en un error de división por cero en: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); con hdiv=1, pixclock=1 y hmul=2 terminas con (1*1)/2 = (int) 0. y luego en: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock); obtendremos una división por cero. El siguiente registro puede revelarlo: error de división: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [en línea] RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784 Rastreo de llamadas: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Solucione esto marcando el argumento de ark_set_pixclock() primero.
References	~~() https://git.kernel.org/stable/c/0288fa799e273b08839037499d704dc7bdc13e9a -~~	() https://git.kernel.org/stable/c/0288fa799e273b08839037499d704dc7bdc13e9a - Patch
References	~~() https://git.kernel.org/stable/c/15661642511b2b192077684a89f42a8d95d54286 -~~	() https://git.kernel.org/stable/c/15661642511b2b192077684a89f42a8d95d54286 - Patch
References	~~() https://git.kernel.org/stable/c/236c1502520b7b08955467ec2e50b3232e34f1f9 -~~	() https://git.kernel.org/stable/c/236c1502520b7b08955467ec2e50b3232e34f1f9 - Patch
References	~~() https://git.kernel.org/stable/c/2f1c4523f7a3aaabe7e53d3ebd378292947e95c8 -~~	() https://git.kernel.org/stable/c/2f1c4523f7a3aaabe7e53d3ebd378292947e95c8 - Patch
References	~~() https://git.kernel.org/stable/c/76b3f0a0b56e53a960a14624a0f48b3d94b5e7e7 -~~	() https://git.kernel.org/stable/c/76b3f0a0b56e53a960a14624a0f48b3d94b5e7e7 - Patch
References	~~() https://git.kernel.org/stable/c/9ebc5031958c1f3a2795e4533b4091d77c738d14 -~~	() https://git.kernel.org/stable/c/9ebc5031958c1f3a2795e4533b4091d77c738d14 - Patch
References	~~() https://git.kernel.org/stable/c/a249e1b89ca25e1c34bdf96154e3f6224a91a9af -~~	() https://git.kernel.org/stable/c/a249e1b89ca25e1c34bdf96154e3f6224a91a9af - Patch
References	~~() https://git.kernel.org/stable/c/b9a66f23612b84617e04412169e155a4b92f632d -~~	() https://git.kernel.org/stable/c/b9a66f23612b84617e04412169e155a4b92f632d - Patch
CWE		CWE-369

18 Jun 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 11:15

Updated : 2025-11-19 13:43

NVD link : CVE-2022-50102

Mitre link : CVE-2022-50102

CVE.ORG link : CVE-2022-50102

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-369

Divide By Zero

5.5 /10