SB20250226642 - Buffer overflow in Linux kernel fbdev nvidia driver
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226642
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2021-47642)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvidia_setup_i2c_bus() function in drivers/video/fbdev/nvidia/nv_i2c.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f
- https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e
- https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa
- https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81
- https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5
- https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe
- https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd
- https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d
- https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33