#VU91372 Division by zero in Linux kernel - CVE-2024-35922
Vulnerability identifier: #VU91372
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-369
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f
https://git.kernel.org/stable/c/72d091b7515e0532ee015e144c906f3bcfdd6270
https://git.kernel.org/stable/c/951838fee462aa01fa2a6a91d56f9a495082e7f0
https://git.kernel.org/stable/c/48d6bcfc31751ca2e753d901a2d82f27edf8a029
https://git.kernel.org/stable/c/664206ff8b019bcd1e55b10b2eea3add8761b971
https://git.kernel.org/stable/c/3d4b909704bf2114f64f87363fa22b5ef8ac4a33
https://git.kernel.org/stable/c/1b107d637fed68a787da77a3514ad06e57abd0b4
https://git.kernel.org/stable/c/c2d953276b8b27459baed1277a4fdd5dd9bd4126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
