// For flags

CVE-2021-47642

video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (1)
MITRE
CWE (0)
CAPEC (-)
Risk
CVSS Score
-
SSVC
-
KEV
-
EPSS
Affected Products (-)
Vendors (1)
linux
Products (1)
linux_kernel
Versions (9)
< 4.9.311, < 4.14.276, < 4.19.238, < 5.4.189, < 5.10.110, < 5.15.33, < 5.16.19, < 5.17.2, < 5.18
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (9)
General (-)
Exploits & POcs (-)
Patches (9)
kernel
Advisories (-)
Summary
Descriptions

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However,
given the 'static' scope of nvidia_setup_i2c_bus() it looks
like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. 89 strcpy(chan->adapter.name, name); Fix this warning by using strscpy() which will silence the warning and
prevent any future buffer overflows should the names used to identify the
channel become much longer.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2025-02-26 CVE Reserved
  • 2025-02-26 CVE Published
  • 2025-02-26 CVE Updated
  • ---------- EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 4.9.311
Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.311"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 4.14.276
Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.276"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 4.19.238
Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.238"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.4.189
Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.189"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.10.110
Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.110"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.15.33
Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.33"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.16.19
Search vendor "Linux" for product "Linux Kernel" and version " < 5.16.19"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.17.2
Search vendor "Linux" for product "Linux Kernel" and version " < 5.17.2"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.18
Search vendor "Linux" for product "Linux Kernel" and version " < 5.18"
en
Affected