CVE-2024-50134

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024

Summary

CVE-2024-50134 is a vulnerability in the Linux kernel's drm/vboxvideo driver. The driver declared a fake VLA (Variable Length Array) rather than a real one at the end of the vbva_mouse_pointer_shape structure, which triggers a "memcpy: detected field-spanning write error" when a memcpy writes past the declared size of that field. The error occurs when the driver attempts to update the mouse pointer shape buffer, causing a warning message and potential instability. The patch for this vulnerability replaces the fake VLA with a real one; it does not modify the length calculation for the hgsmi buffer.
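The difference between a fake VLA and a real one, as an added example that is not code from this page or from the kernel: `shape_fake`, `shape_real` and the helper functions are hypothetical stand-ins, and `spans_field()` is a simplified model of the fortified memcpy check, not the kernel's implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration, not the driver's definitions. */
struct shape_fake {              /* "fake VLA": fixed-size trailing array */
    uint32_t width, height;
    uint8_t data[4];
};
struct shape_real {              /* real C99 flexible array member */
    uint32_t width, height;
    uint8_t data[];
};

/* Simplified model of the fortified memcpy() check: warn when the copy is
 * longer than the declared size of the destination field. SIZE_MAX means
 * "size unknown", which is what a flexible array member reports. */
static int spans_field(size_t field_size, size_t len)
{
    return field_size != SIZE_MAX && len > field_size;
}

/* Each helper copies len bytes into a buffer big enough to hold them and
 * returns 1 if the modelled check would warn, 0 if not, -1 on alloc failure. */
int copy_into_fake(const uint8_t *src, size_t len)
{
    struct shape_fake *s = malloc(sizeof(*s) + len);
    if (!s) return -1;
    int warn = spans_field(sizeof(s->data), len);
    memcpy(s->data, src, len);   /* inside the allocation, past the field */
    free(s);
    return warn;
}

int copy_into_real(const uint8_t *src, size_t len)
{
    struct shape_real *s = malloc(sizeof(*s) + len);
    if (!s) return -1;
    int warn = spans_field(SIZE_MAX, len);
    memcpy(s->data, src, len);
    free(s);
    return warn;
}

/* sizeof shrinks by the old declared size when the array becomes flexible,
 * so any length computed from sizeof has to be re-checked after the change. */
size_t sizeof_delta(void) { return sizeof(struct shape_fake) - sizeof(struct shape_real); }
```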
