CVE-2024-50048

Updated: 2024-11-04 15:45:02.466021

Description:

In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct fb_con2fbmap con2fb; struct param param; int fd = open("/dev/fb1", 0, 0); con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); param.type = 2; param.ts.xs = 0; param.ts.ys = 0; param.ts.xe = 0; param.ts.ye = 0; param.ts.sel_mode = 0; int fd1 = open("/dev/tty1", O_RDWR, 0); ioctl(fd1, TIOCLINUX, &param); con2fb.console = 1; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); return 0; } After calling ioctl(fd1, TIOCLINUX, &param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb) causes the kernel to follow a different execution path: set_con2fb_map -> con2fb_init_display -> fbcon_set_disp -> redraw_screen -> hide_cursor -> clear_selection -> highlight -> invert_screen -> do_update_region -> fbcon_putcs -> ops->putcs Since ops->putcs is a NULL pointer, this leads to a kernel panic. To prevent this, we need to call set_blitting_type() within set_con2fb_map() to properly initialize ops->putcs.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-11-05 04:30:02
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-11-05 04:30:02
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-11-05 04:30:01
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-11-05 04:30:01
Total: 14