CVE-2024-50180

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-50180

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50180.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-50180

Downstream

BELL-CVE-2024-50180

DEBIAN-CVE-2024-50180

DLA-4008-1

DLA-4075-1

OESA-2024-2446

OESA-2024-2491

OESA-2024-2493

OESA-2024-2494

SUSE-SU-2024:4314-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-11-08T06:15:15Z

Modified

2025-10-01T21:15:59Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: sisfb: Fix strbuf array overflow

The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages