ghsa-6hr7-2c35-r8xm
Vulnerability from github
Published
2024-11-08 06:30
Modified
2024-11-29 21:31
Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
fbdev: sisfb: Fix strbuf array overflow
The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{ "affected": [], "aliases": [ "CVE-2024-50180" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-11-08T06:15:15Z", "severity": "HIGH" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sisfb: Fix strbuf array overflow\n\nThe values of the variables xres and yres are placed in strbuf.\nThese variables are obtained from strbuf1.\nThe strbuf1 array contains digit characters\nand a space if the array contains non-digit characters.\nThen, when executing sprintf(strbuf, \"%ux%ux8\", xres, yres);\nmore than 16 bytes will be written to strbuf.\nIt is suggested to increase the size of the strbuf array to 24.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "id": "GHSA-6hr7-2c35-r8xm", "modified": "2024-11-29T21:31:01Z", "published": "2024-11-08T06:30:48Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50180" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.