VDB

DEBIAN-CVE-2024-50180

DEBIAN-CVE-2024-50180 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:11linux-6.10, 6.1.112-1, 6.1.106-3
Debian:11linux5.10.226-1, 5.10.197-1, 5.10.205-1
Debian:14linux0, 0
Debian:13linux0, 0
Debian:12linux6.1.64-1, 6.1.66-1, 6.1.67-1

Timeline

  • Nov 8, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›