CVE-2024-26778

Updated: 2025-08-20 02:38:28.189754

Description:

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2025-03-02 21:45:26 This bug is confined to the legacy fbdev “savagefb” driver for S3 Savage PCI/AGP GPUs and yields...
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2025-03-02 21:45:26 Ignored due to low severity
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2025-03-02 21:45:26 Ignored due to low severity
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
Oracle Linux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-03-02 21:45:25 Ignored due to low severity
Total: 14