CVE-2024-50288
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50288 is a newly identified vulnerability in the Linux kernel's "vivid" media driver. It is a buffer overwrite that occurs when more than 32 buffers are used for video capture. The maximum number of buffers that can be requested was increased to 64, but the must-blank array, which is used to manage the buffers, remained sized for only 32. As a result, an out-of-bounds write occurs when using buffer indices above 32. The issue was resolved by creating a new define, MAX_VID_CAP_BUFFERS, and updating max_num_buffers for the video capture queue. The patch addresses a crash reported in the bug tracking system (Bugzilla) under ID 219258.
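The size mismatch described in the summary, and one way to keep a queue limit and a per-buffer array in step, shown as an added example rather than the vivid driver's code. MAX_VID_CAP_BUFFERS and max_num_buffers are named in the summary; the struct, the helper functions and OLD_MUST_BLANK_SLOTS are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins modelled on the summary; not the vivid driver's code. */
#define OLD_MUST_BLANK_SLOTS 32  /* array size left behind before the fix */
#define MAX_VID_CAP_BUFFERS  64  /* define named in the summary; value from its "64" */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct cap_dev {
    unsigned int max_num_buffers;           /* queue limit for video capture */
    bool must_blank[MAX_VID_CAP_BUFFERS];   /* sized from the same define */
};

/* Build fails if someone raises the limit without resizing the array. */
_Static_assert(ARRAY_SIZE(((struct cap_dev *)0)->must_blank) >= MAX_VID_CAP_BUFFERS,
               "must_blank smaller than queue limit");

/* How many indices the queue may hand out that the array cannot hold. */
unsigned int oob_indices(unsigned int queue_limit, size_t array_slots)
{
    return queue_limit > array_slots ? queue_limit - (unsigned int)array_slots : 0;
}

/* Zero the device state and set the queue limit from the shared define. */
void cap_dev_init(struct cap_dev *d)
{
    memset(d, 0, sizeof(*d));
    d->max_num_buffers = MAX_VID_CAP_BUFFERS;
}

/* Defensive setter: rejects an index instead of writing past the array. */
int set_must_blank(struct cap_dev *d, unsigned int index, bool value)
{
    if (index >= d->max_num_buffers || index >= ARRAY_SIZE(d->must_blank))
        return -1;
    d->must_blank[index] = value;
    return 0;
}
```

With a limit of 64 and an array of 32, `oob_indices` reports 32 indices that would land outside the array; once both come from the same define it reports none.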
Affected Products
- Linux Kernel
Affected Vendors
- LINUX