CVE-2023-54116

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the drm/fbdev-generic component that may lead to out-of-bounds access. Specifically, the issue arises from the fbdev test within the IGT (Intel Graphics Test) suite, potentially causing a kernel hang when running on certain platforms like x86+ast2400 with a 1680x1050 resolution. The root cause is that damage rectangles calculated by the drm fb helper memory range to clip() function are not always constrained within the screen's active display area. This can occur due to buffer allocation granularity (page size) and an off-by-one error introduced by the DIV ROUND UP() function. The memcpy toio() function may then attempt to copy data beyond the allocated buffer boundaries, leading to the observed out-of-bounds access. The issue is related to the calculation of the buffer size and the potential for exceeding the allocated memory when copying the last line of the framebuffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.