CVE-2022-3061 - Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the drive

CVE-2022-3061

Summary

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

References

https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5
https://www.debian.org/security/2022/dsa-5257
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.18:rc5:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-369

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

21-11-2022 - 19:45

Published

01-09-2022 - 18:15

Last modified

21-11-2022 - 19:45