Описание
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when:
- Unregistration creates NULL gaps in registered_fb[]
- All array slots become occupied despite num_registered_fb < FB_MAX
- The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.
Отчет
A flaw was found in fbdev’s do_register_framebuffer() where gaps in registered_fb[] combined with a full array could let the loop step past FB_MAX, causing an out-of-bounds access and kernel memory corruption. This is locally reachable only through privileged framebuffer registration paths (e.g., driver probe/hotplug) and can lead to system instability or crash. Exploitable only on systems that actually use the legacy fbdev stack. Modern desktops/servers typically don’t expose or rely on /dev/fb*.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.
fbdev: fix potential buffer overflow in do_register_framebuffer()
In the Linux kernel, the following vulnerability has been resolved: f ...
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.
EPSS
6 Medium
CVSS3