CVE-2021-47383
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

tty: Fix out-of-bound vmalloc access in imageblit

This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values.

If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads to the updatescrollmode() calculates a wrong value to fbcon_display->vrows, which makes the real_y() return a wrong value of y, and that value, eventually, causes the imageblit to access an out-of-bound address value.

To solve this issue I made the resize_screen() be called even if the screen does not need any resizing, so it will "fix and fill" the fb_var_screeninfo independently.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 7e71fcedfda6f7de18f850a6b36e78d78b04476f; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 70aed03b1d5a5df974f456cdc8eedb213c94bb8b; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 067c694d06040db6f0c65281bb358452ca6d85b9; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 8a6a240f52e14356386030d8958ae8b1761d2325; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 883f7897a25e3ce14a7f274ca4c73f49ac84002a; +3 more versions |
| Linux | Linux | affected 2.6.12; unaffected 0 - < 2.6.12; unaffected 4.4.286 - <= 4.4.*; unaffected 4.9.285 - <= 4.9.*; unaffected 4.14.249 - <= 4.14.*; +5 more versions |
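
The version ranges in the table can be turned into a triage check for a kernel release string. The following is an added example, not part of the advisory or of the kernel project; the function names and result labels are hypothetical, and only the three fixed releases visible in the table are encoded, so any other affected-era branch is reported as "unknown" rather than guessed.

```python
import platform
import re

# Fixed stable releases visible in the table above. The table elides five
# further branches ("+5 more versions"); they are deliberately not filled in.
FIXED_IN_BRANCH = {(4, 4): 286, (4, 9): 285, (4, 14): 249}
FIRST_AFFECTED = (2, 6, 12)  # "affected 2.6.12", "unaffected 0 - < 2.6.12"


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(release):
    """Classify a mainline/stable release against the listed ranges.

    Returns "unaffected", "fixed", "affected" or "unknown". Distribution
    kernels can carry the fix as a backport without changing the upstream
    version, so "affected" here means "check the vendor changelog".
    """
    ver = parse_release(release)
    if ver < FIRST_AFFECTED:
        return "unaffected"
    fixed_patch = FIXED_IN_BRANCH.get(ver[:2])
    if fixed_patch is None:
        return "unknown"  # branch not among those shown on this page
    return "fixed" if ver[2] >= fixed_patch else "affected"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {classify(running)}")
```
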