CVE-2024-50134

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: A vulnerability has been resolved in the Linux kernel, specifically in the drm/vboxvideo component. The issue involved a fake VLA at the end of the vbva mouse pointer shape shape, which has been replaced with a real VLA to fix a "memcpy: detected field-spanning write error" warning. The warning occurred due to a field-spanning write of size 16896 of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi base.c:154. The function hgsmi update pointer shape and vbox cursor atomic update were involved in the issue. The original length calculation for the allocated and sent hgsmi buffer was 4 bytes too large, but this behavior was kept as it was not the goal of the patch.

Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable hgsmi update pointer shape and vbox cursor atomic update functions until a patch is available.