CVE-2024-50180
Published: November 12, 2024Last modified: November 12, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.114-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef
- https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743
- https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510
- https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241
- https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587
- https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f
- https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c
- https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3