{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-50134","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T19:36:19.955Z","datePublished":"2024-11-05T17:10:58.939Z","dateUpdated":"2025-11-03T22:25:54.618Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:46:55.568Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[   13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p->data\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[   13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[   13.320038] Call Trace:\n[   13.320173]  hgsmi_update_pointer_shape [vboxvideo]\n[   13.320184]  vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vboxvideo/hgsmi_base.c","drivers/gpu/drm/vboxvideo/vboxvideo.h"],"versions":[{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"02c86c5d5ef4bbba17d38859c74872825f536617","status":"affected","versionType":"git"},{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"75f828e944dacaac8870418461d3d48a1ecf2331","status":"affected","versionType":"git"},{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"34a422274b693507025a7db21519865d1862afcb","status":"affected","versionType":"git"},{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"7458a6cdaebb3dc59af8578ee354fae78a154c4a","status":"affected","versionType":"git"},{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"9eb32bd23bbcec44bcbef27b7f282b7a7f3d0391","status":"affected","versionType":"git"},{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"fae9dc12c61ce23cf29d09824a741b7b1ff8f01f","status":"affected","versionType":"git"},{"version":"dd55d44f408419278c00887bfcb2261d0caae350","lessThan":"d92b90f9a54d9300a6e883258e79f36dab53bfae","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vboxvideo/hgsmi_base.c","drivers/gpu/drm/vboxvideo/vboxvideo.h"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"5.4.285","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.229","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.170","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.115","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.59","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.6","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.4.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.170"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1.115"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.6.59"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.11.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02c86c5d5ef4bbba17d38859c74872825f536617"},{"url":"https://git.kernel.org/stable/c/75f828e944dacaac8870418461d3d48a1ecf2331"},{"url":"https://git.kernel.org/stable/c/34a422274b693507025a7db21519865d1862afcb"},{"url":"https://git.kernel.org/stable/c/7458a6cdaebb3dc59af8578ee354fae78a154c4a"},{"url":"https://git.kernel.org/stable/c/9eb32bd23bbcec44bcbef27b7f282b7a7f3d0391"},{"url":"https://git.kernel.org/stable/c/fae9dc12c61ce23cf29d09824a741b7b1ff8f01f"},{"url":"https://git.kernel.org/stable/c/d92b90f9a54d9300a6e883258e79f36dab53bfae"}],"title":"drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:25:54.618Z"}}]}}