CVE-2022-50102

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()<br /> <br /> Since the user can control the arguments of the ioctl() from the user<br /> space, under special arguments that may result in a divide-by-zero bug<br /> in:<br /> drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info-&gt;var.pixclock) / hmul);<br /> with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.<br /> and then in:<br /> drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par-&gt;dac, 0, 1000000000 / pixclock);<br /> we&amp;#39;ll get a division-by-zero.<br /> <br /> The following log can reveal it:<br /> <br /> divide error: 0000 [#1] PREEMPT SMP KASAN PTI<br /> RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline]<br /> RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784<br /> Call Trace:<br /> fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034<br /> do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110<br /> fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189<br /> <br /> Fix this by checking the argument of ark_set_pixclock() first.