PT-2024-33888 · Linux+7 · Linux Kernel+7
Syzbot · Published 2024-10-21 · Updated 2026-05-26 · CVE-2024-50048
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A NULL pointer dereference issue in the Linux kernel's fbcon_putcs function has been resolved. The issue was discovered by syzbot and can be triggered by calling ioctl(fd1, TIOCLINUX, &param) followed by ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb), causing the kernel to follow a different execution path and leading to a kernel panic. The vulnerable execution path includes the functions set_con2fb_map, con2fb_init_display, fbcon_set_disp, redraw_screen, hide_cursor, clear_selection, highlight, invert_screen, do_update_region, fbcon_putcs, and ops->putcs. To prevent this, it is necessary to call set_blitting_type() within set_con2fb_map() to properly initialize ops->putcs.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider restricting access to the vulnerable ioctl functions until a patch is available. Avoid using the param struct with type 2 in the TIOCLINUX ioctl call until the issue is resolved.
Exploit
Fix
DoS
NULL Pointer Dereference
Affected Products
ALT Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu