GHSA-C3H6-P6WC-J6MG

Vulnerability from github – Published: 2025-09-23 21:30 – Updated: 2025-09-23 21:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites.

CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. 2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. 89 strcpy(chan->adapter.name, name);

Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer.

Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-47642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T06:37:05Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow\n\nCoverity complains of a possible buffer overflow. However,\ngiven the \u0027static\u0027 scope of nvidia_setup_i2c_bus() it looks\nlike that can\u0027t happen after examiniing the call sites.\n\nCID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)\n1. fixed_size_dest: You might overrun the 48-character fixed-size string\n  chan-\u003eadapter.name by copying name without checking the length.\n2. parameter_as_source: Note: This defect has an elevated risk because the\n  source argument is a parameter of the current function.\n 89        strcpy(chan-\u003eadapter.name, name);\n\nFix this warning by using strscpy() which will silence the warning and\nprevent any future buffer overflows should the names used to identify the\nchannel become much longer.",
  "id": "GHSA-c3h6-p6wc-j6mg",
  "modified": "2025-09-23T21:30:53Z",
  "published": "2025-09-23T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47642"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.