Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:fbdev: sisfb: Fix strbuf array overflowThe values of the variables xres and yres are placed in strbuf.These variables are obtained from strbuf1.The strbuf1 array contains digit charactersand a space if the array contains non-digit characters.Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres);more than 16 bytes will be written to strbuf.It is suggested to increase the size of the strbuf array to 24.Found by Linux Verification Center (linuxtesting.org) with SVACE.
No PoCs from references.
- https://github.com/w4zu/Debian_security