Linux Kernel Arkfb Video Driver Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's arkfb video framebuffer driver. The issue arises in the 'arkfb_set_par()' function, where the 'screen_size' value is calculated based on user input. If an improper value is provided, 'screen_size' may exceed 'info->screen_size', leading to a page fault error. This error occurs because the kernel attempts to write to a non-present memory page, causing a crash.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a denial-of-service condition by crashing the system.

Reproduction

The vulnerability can be reproduced by sending a user input that specifies a 'screen_size' larger than the allowed maximum. This can be done through a framebuffer ioctl command, which will trigger the page fault error when the kernel tries to process the oversized screen size.