Fixed
Created: Jul 10, 2025
Updated: Jul 14, 2025
Resolved Date: Jul 14, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()[EOL][EOL]In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000,[EOL]cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's[EOL]then passed to fb_cvt_hperiod(), where it's used as a divider -- division[EOL]by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to[EOL]avoid such overflow...[EOL][EOL]Found by Linux Verification Center (linuxtesting.org) with the Svace static[EOL]analysis tool.
CREATE(Triage):(User=admin) [CVE-2025-38312 (https://nvd.nist.gov/vuln/detail/CVE-2025-38312)
