CVE-2024-26777: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26777 is a vulnerability in the Linux kernel's framebuffer device (fbdev) SiS driver. The vulnerability was discovered on January 18, 2024, and disclosed on April 3, 2024. It affects various versions of the Linux kernel, including versions from 4.20 through 6.7 (NVD).

The vulnerability occurs in the SiS framebuffer driver where a userspace program can pass arbitrary values to the driver through the ioctl() interface. Specifically, in the sisfbcheckvar() function, var->pixclock is used as a divisor to calculate drate before it is checked against zero, which could lead to a divide-by-zero error. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

If exploited, this vulnerability could lead to a denial of service condition through a divide-by-zero error in the kernel's SiS framebuffer driver. The impact is limited to availability with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed by adding a check for zero pixclock value at the beginning of the sisfbcheckvar() function. The fix has been implemented in various kernel versions and backported to multiple stable branches. The patch is similar to a previous fix for CVE-2022-3061 in the i740fb driver (Kernel Patch).