CVE-2024-56369: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56369 is a vulnerability in the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the drmmodevrefresh() function. The vulnerability was discovered and disclosed in January 2025, affecting multiple versions of the Linux kernel. The function attempts to prevent divide-by-zero operations by checking whether htotal or vtotal values are zero, but it could still result in a division by zero when calculating vtotal*htotal (NVD).

The vulnerability is classified as CWE-369 (Divide By Zero) with a CVSS v3.1 Base Score of 5.5 (Medium) and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue occurs in the drmmodevrefresh() function where the code attempts to calculate refresh rates but fails to properly handle potential arithmetic overflow conditions that could lead to a divide-by-zero scenario (NVD).

The vulnerability can lead to a divide-by-zero condition in the Linux kernel's DRM subsystem, potentially causing system crashes or denial of service conditions. The impact is limited to availability (A:H) with no direct effects on confidentiality or integrity of the system (NVD).

The vulnerability has been patched in various Linux kernel versions. Fixed versions include Linux kernel 5.15.176, 6.1.122, 6.6.68, and 6.12.7. The fix involves implementing proper overflow checks in the drmmodevrefresh() function to prevent the divide-by-zero condition (Debian Security).