{"vulnerability": "CVE-2024-50048", "sightings": [{"uuid": "b823ca37-09ab-482c-8b94-f6414a444b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50048", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16646", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50048\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n uint8_t type;\n struct tiocl_selection ts;\n};\n\nint main()\n{\n struct fb_con2fbmap con2fb;\n struct param param;\n\n int fd = open(\"/dev/fb1\", 0, 0);\n\n con2fb.console = 0x19;\n con2fb.framebuffer = 0;\n ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);\n\n param.type = 2;\n param.ts.xs = 0; param.ts.ys = 0;\n param.ts.xe = 0; param.ts.ye = 0;\n param.ts.sel_mode = 0;\n\n int fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n ioctl(fd1, TIOCLINUX, &param);\n\n con2fb.console = 1;\n con2fb.framebuffer = 0;\n ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);\n\n return 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, &param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n  -> con2fb_init_display\n   -> fbcon_set_disp\n    -> redraw_screen\n     -> hide_cursor\n      -> clear_selection\n       -> highlight\n        -> invert_screen\n         -> do_update_region\n          -> fbcon_putcs\n           -> ops->putcs\n\nSince ops->putcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops->putcs.\n\ud83d\udccf Published: 2024-10-21T19:39:45.146Z\n\ud83d\udccf Modified: 2025-05-16T07:25:10.799Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8266ae6eafdcd5a3136592445ff4038bbc7ee80e\n2. https://git.kernel.org/stable/c/f7fb5dda555344529ce584ff7a28b109528d2f1b\n3. https://git.kernel.org/stable/c/e5c2dba62996a3a6eeb34bd248b90fc69c5a6a1b\n4. https://git.kernel.org/stable/c/5b97eebcce1b4f3f07a71f635d6aa3af96c236e7", "creation_timestamp": "2025-05-16T07:33:57.000000Z"}, {"uuid": "7765b2ce-816f-4603-a09c-6dbd99ea0c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50048", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}