CVE-2021-47383: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

tty: Fix out-of-bound vmalloc access in imageblit

This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values. If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads the updatescrollmode() to calculate a wrong value for fbcon_display->vrows, which makes the real_y() return a wrong value of y, and that value, eventually, causes the imageblit to access an out-of-bound address value.

To solve this issue I made the resize_screen() be called even if the screen does not need any resizing, so it will "fix and fill" the fb_var_screeninfo independently.
AI Analysis
Technical Summary
CVE-2021-47383 is a vulnerability in the Linux kernel's framebuffer console (fbcon) subsystem, in the handling of the FBIOPUT_VSCREENINFO ioctl call. Userspace programs use this ioctl to set variable screen information via the fb_var_screeninfo structure.

The vulnerability arises when the structure passed contains only partial fields (xres, yres, and bits_per_pixel) with values identical to a previous ioctl call. Under these conditions, the kernel's vc_resize() function determines that no screen resize is necessary and skips calling resize_screen(). As a result, the fb_var_screeninfo structure remains incomplete. This incomplete data causes the updatescrollmode() function to compute an incorrect value for fbcon_display->vrows, which in turn leads the real_y() function to return an invalid y coordinate. Ultimately, this chain of miscalculations causes the imageblit function to perform an out-of-bound access on vmalloc memory, which can result in memory corruption or a kernel crash.

The patch fixes this by ensuring resize_screen() is called regardless of whether a resize is detected, so that the fb_var_screeninfo structure is properly initialized and filled and the out-of-bound access cannot occur. This vulnerability affects Linux kernel versions prior to the patch date and is related to framebuffer device ioctl handling, a critical component for graphical console operations on Linux systems.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, particularly for those relying on Linux-based systems with framebuffer console support, such as embedded devices, industrial control systems, or servers using framebuffer for console output. Exploitation could lead to kernel crashes (denial of service) or potentially enable local privilege escalation if an attacker can manipulate the framebuffer ioctl calls. While remote exploitation is unlikely without local access, compromised or malicious users or processes could exploit this flaw to destabilize systems or escalate privileges. This could disrupt critical infrastructure, manufacturing systems, or enterprise servers running Linux, causing operational downtime and potential data integrity issues. Given the widespread use of Linux in European IT environments, especially in sectors like telecommunications, manufacturing, and government, the vulnerability poses a moderate risk if left unpatched.
Mitigation Recommendations
European organizations should prioritize patching Linux kernels to the fixed versions that include the resize_screen() call correction. Specifically, kernel updates from May 2024 onward should be applied promptly. For systems where immediate patching is not feasible, restricting access to framebuffer ioctl calls via mandatory access controls (e.g., SELinux, AppArmor) or limiting userspace program permissions can reduce exploitation risk. Additionally, monitoring for unusual ioctl calls or kernel crashes related to framebuffer operations can help detect attempted exploitation. Organizations should also audit embedded and industrial Linux devices that may not receive regular updates and plan for firmware or kernel upgrades. Implementing robust local user privilege management and minimizing the number of users with access to framebuffer device interfaces will further reduce attack surface.
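The crash-monitoring step above, as an added example (not code from this advisory or from the kernel project): a POSIX shell/awk filter that reads kernel log text and reports only those crash reports whose header or call trace touches the framebuffer console drawing path. The symbol patterns (`imageblit`, `fbcon_`, `bit_putcs`), the report delimiters, and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage kernel crash reports that involve the fbcon drawing path.
# On a live host (assumption: kernel log is readable): dmesg | fb_crash_reports

fb_crash_reports() {
    # stdin: kernel log text. stdout: "<line number>: <report header>" per match.
    awk '
        function emit() {
            if (in_report && hit) print start ": " header
            in_report = 0; hit = 0
        }
        # A crash report starts at a BUG:/Oops style header line.
        /BUG: |Oops|Unable to handle kernel/ {
            emit(); in_report = 1; start = NR; header = $0
        }
        # Assumed symbol list: framebuffer blit and fbcon functions in the trace.
        in_report && /imageblit|fbcon_|bit_putcs/ { hit = 1 }
        # A report ends at an end-trace marker or a KASAN delimiter line.
        /---\[ end trace|==========/ { emit() }
        END { emit() }
    '
}

sample_kernel_log() {
    # Constructed sample, not captured from a real system.
    cat <<'EOF'
[   10.100000] fbcon: Taking over console
[  812.400001] ==================================================================
[  812.400002] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x12f/0x1430
[  812.400003] Call Trace:
[  812.400004]  sys_imageblit+0x12f/0x1430
[  812.400005]  bit_putcs+0x910/0xe10
[  812.400006]  fbcon_putcs+0x35a/0x450
[  812.400007] ==================================================================
[  950.000001] BUG: unable to handle page fault for address: ffffc90000abc000
[  950.000002] Call Trace:
[  950.000003]  ext4_readdir+0x10/0x200
[  950.000004] ---[ end trace 0000000000000000 ]---
[ 1201.000001] Oops: 0002 [#1] SMP
[ 1201.000002] Call Trace:
[ 1201.000003]  cfb_imageblit+0x58/0x4f0
[ 1201.000004] ---[ end trace 0000000000000000 ]---
EOF
}

sample_kernel_log | fb_crash_reports
```

A match is a prompt to check whether the host runs an unpatched kernel and which local processes can open the framebuffer device; it does not by itself identify this CVE.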
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T14:58:30.812Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe8f78
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 12:12:37 PM
Last updated: 8/13/2025, 2:56:21 PM