Linux Kernel Division by Zero Vulnerability in Framebuffer CVT Handling

Vulnerability

A vulnerability in the Linux kernel's framebuffer (fbdev) component has been addressed. The issue arose in the function fb_find_mode_cvt(), where an overflow could occur if the mode's refresh rate was 0x80000000. This overflow would result in a refresh value of 0, which is then used as a divisor in fb_cvt_hperiod(). Such a division by zero would cause a kernel oops error. The vulnerability has been resolved by adding a sanity check to prevent the overflow.

Impact

Exploitation of this vulnerability could lead to a division by zero error, causing a kernel oops, which is a type of error that indicates a serious problem in the kernel that can lead to a system crash.

Added: Jul 10, 2025, 11:44 AM

Updated: Jul 10, 2025, 11:44 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Division by Zero Vulnerability in Framebuffer CVT Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating