Vulnerabilities > CVE-2022-3061 - Divide By Zero vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

debian

CWE-369

NVD

Published: 2022-09-01

Updated: 2022-11-21

Summary

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 5.18	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

References

https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5
https://www.debian.org/security/2022/dsa-5257
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html