CVE-2024-50180

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50180
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50180.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50180
Published
2024-11-08T06:15:15Z
Modified
2025-10-01T21:15:59Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: sisfb: Fix strbuf array overflow

The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
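
The sizing argument in the description, worked through as an added user-space example (not the kernel's code and not part of the original record): it measures how many bytes the format string "%ux%ux8" needs and shows a bounded call that reports truncation instead of writing past the buffer. The helper names `mode_str_size` and `format_mode` are hypothetical, and the example assumes a 32-bit `unsigned int`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: bytes, including the terminating NUL, that the
 * format "%ux%ux8" needs for the given values. snprintf with a NULL
 * buffer and size 0 only measures; it writes nothing. */
static size_t mode_str_size(unsigned int xres, unsigned int yres)
{
    int n = snprintf(NULL, 0, "%ux%ux8", xres, yres);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Hypothetical helper: bounded formatting. Returns 0 on success and -1
 * if dst is too small, so the caller can reject the input rather than
 * overflow, which is what an unbounded sprintf would do. */
static int format_mode(char *dst, size_t dstlen,
                       unsigned int xres, unsigned int yres)
{
    int n = snprintf(dst, dstlen, "%ux%ux8", xres, yres);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values: a typical mode and the largest value a
     * 32-bit unsigned int can hold (assumption: 32-bit unsigned int). */
    const unsigned int big = 4294967295u;
    char small[16]; /* the size the description says is overflowed */
    char fixed[24]; /* the size the description suggests */

    printf("1024x768 needs %zu bytes\n", mode_str_size(1024, 768));
    printf("worst case needs %zu bytes\n", mode_str_size(big, big));

    /* 10 digits + 'x' + 10 digits + "x8" + NUL = 24 bytes. */
    printf("16-byte buffer: %s\n",
           format_mode(small, sizeof small, big, big) ? "too small" : "ok");
    printf("24-byte buffer: %s\n",
           format_mode(fixed, sizeof fixed, big, big) ? "too small" : "ok");
    return 0;
}
```
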
