VDB
DEBIAN-CVE-2024-50180
DEBIAN-CVE-2024-50180
PUBLISHED
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | 0, 6.1.112-1, 6.1.106-3 |
| Debian:11 | linux | 5.10.226-1, 5.10.197-1, 5.10.205-1 |
| Debian:14 | linux | 0, 0 |
| Debian:13 | linux | 0, 0 |
| Debian:12 | linux | 6.1.64-1, 6.1.66-1, 6.1.67-1 |
Timeline
- Nov 8, 2024 CVE Published
- Apr 28, 2026 CVE Updated