Linux Kernel udlfb Driver Divide-By-Zero Vulnerability in FBIOPUT_VSCREENINFO

Vulnerability

A divide-by-zero vulnerability has been identified in the Linux kernel's udlfb driver, specifically within the framebuffer (fbdev) subsystem. This issue arises because the udlfb driver directly uses the pixclock variable in a division operation, which can lead to a crash if pixclock is zero. The vulnerability affects several versions of the Linux kernel.

Impact

Exploiting this vulnerability triggers a divide-by-zero error that crashes the system. The result is a denial of service: the system becomes unresponsive or fails to operate normally.

Reproduction

The vulnerability can be reproduced by using a version of the Linux kernel that includes the udlfb driver with dynamic modeset support, and by sending a framebuffer variable screen information command (FBIOPUT_VSCREENINFO) that includes a zero value for the pixclock variable. This will trigger the divide-by-zero error and cause a system crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.
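One way to guard a division like the one described above is to reject a zero pixclock before any arithmetic uses it. The following is an added userspace model in C, not the kernel commit or the driver's own code; the struct, the function names and the picoseconds-to-kHz conversion are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the one screen-info field that matters here. */
struct model_var {
    uint32_t pixclock;  /* pixel period in picoseconds, supplied by the caller */
};

/* Unchecked pattern: pixclock is the divisor, so a zero value traps. */
static uint32_t khz_unchecked(const struct model_var *var)
{
    return (uint32_t)(1000000000UL / var->pixclock);
}

/*
 * Checked pattern: validate the caller-supplied value first and return
 * -EINVAL, so the division is only reached with a non-zero divisor.
 */
static int model_check_var(const struct model_var *var, uint32_t *khz_out)
{
    if (var->pixclock == 0)
        return -EINVAL;
    *khz_out = khz_unchecked(var);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a zero pixclock and a 640x480@60 timing. */
    struct model_var zero = { .pixclock = 0 };
    struct model_var vga  = { .pixclock = 39721 };
    uint32_t khz = 0;
    int rc;

    rc = model_check_var(&zero, &khz);
    printf("pixclock=0     -> rc=%d (request rejected)\n", rc);

    rc = model_check_var(&vga, &khz);
    printf("pixclock=39721 -> rc=%d, %u kHz\n", rc, (unsigned)khz);
    return 0;
}
```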

Added: Apr 24, 2026, 5:50 PM
Updated: Apr 24, 2026, 5:50 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.