Linux Kernel Cirrusfb Driver Divide-By-Zero Vulnerability

A vulnerability in the Linux kernel's Cirrus framebuffer driver can lead to a divide-by-zero error. This issue arises because the driver does not properly validate the 'pixclock' value. When 'pixclock' is zero, the driver attempts to round it up to derive a frequency close to the maximum allowed, which can cause a division error. This vulnerability was reported by Syzkaller.

Impact

Exploitation of this vulnerability causes a divide-by-zero error, leading to a crash of the affected process.

Reproduction

The vulnerability can be reproduced by using the Cirrus framebuffer driver with a 'pixclock' value set to zero. This can be done by configuring a virtual machine to use the QEMU Standard PC (i440FX + PIIX, 1996) hardware profile and then loading the Cirrus framebuffer driver. Once the driver is active, the 'pixclock' value can be manipulated to trigger the divide-by-zero error.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed.