PT-2024-10034 · Linux+7 · Linux Kernel+7
Andrey Shumilin · Published 2024-09-28 · Updated 2025-10-03
CVE-2024-50180
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a buffer overflow in the sisfb function of the Linux kernel. The variables xres and yres are obtained from strbuf1 and placed in strbuf. When executing sprintf(strbuf, "%ux%ux8", xres, yres), more than 16 bytes will be written to strbuf, causing an overflow. It is suggested to increase the size of the strbuf array to 24. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
To resolve the issue, it is recommended to increase the size of the strbuf array to 24. As a temporary workaround, consider restricting the use of the sisfb function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
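The size arithmetic behind the recommended strbuf size of 24, as an added userspace example (not kernel code and not part of the original advisory): it measures how many bytes the "%ux%ux8" format needs and shows a bounded formatter that rejects output that does not fit. The helper names mode_str_need and format_mode are hypothetical, the inputs are constructed, and a 32-bit unsigned int is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define OLD_SIZE 16 /* strbuf size that overflows, per the advisory */
#define NEW_SIZE 24 /* strbuf size the advisory recommends */

/* Bytes needed, including the terminating NUL, to format "%ux%ux8".
 * snprintf with a NULL buffer and size 0 only measures; it writes nothing. */
static size_t mode_str_need(unsigned int xres, unsigned int yres)
{
    int n = snprintf(NULL, 0, "%ux%ux8", xres, yres);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for the unbounded sprintf: never writes past
 * dst_size. Returns 0 on success, -1 if the text would not fit. */
static int format_mode(char *dst, size_t dst_size,
                       unsigned int xres, unsigned int yres)
{
    int n = snprintf(dst, dst_size, "%ux%ux8", xres, yres);
    if (n < 0 || (size_t)n >= dst_size)
        return -1; /* truncated or failed: caller must reject the input */
    return 0;
}

int main(void)
{
    /* Constructed sample resolutions: typical, 7-digit, and worst case. */
    const unsigned int samples[][2] = {
        { 1024, 768 }, { 1000000, 1000000 }, { UINT_MAX, UINT_MAX },
    };
    char buf[NEW_SIZE];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned int x = samples[i][0], y = samples[i][1];
        size_t need = mode_str_need(x, y);

        printf("%ux%u: needs %zu bytes, fits %d: %s, fits %d: %s\n",
               x, y, need,
               OLD_SIZE, need <= OLD_SIZE ? "yes" : "NO",
               NEW_SIZE, need <= NEW_SIZE ? "yes" : "NO");
        if (format_mode(buf, sizeof(buf), x, y) == 0)
            printf("  formatted: %s\n", buf);
    }
    return 0;
}
```

Two 10-digit values plus "x", "x8" and the NUL terminator give 10 + 1 + 10 + 2 + 1 = 24 bytes, which is why 24 covers every possible pair of 32-bit inputs.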
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu