Linux Kernel Buffer Overflow Vulnerability in Nvidia Framebuffer Driver

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's Nvidia framebuffer (nvidiafb) driver. The driver uses 'strcpy' to copy names into a fixed-size buffer, which could overflow if a name exceeds 48 characters. Although this initially raised concern about a possible overflow, a review of the function's call sites indicated that such an overflow was unlikely. The issue has been addressed by replacing 'strcpy' with 'strscpy', which prevents the overflow by ensuring that the copied string does not exceed the buffer's capacity.
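The change described above, shown as an added userspace example (not the kernel patch or the driver's own code). The 48-byte NAME_LEN, the set_name_* helpers and bounded_copy are assumptions; bounded_copy models the documented behaviour of the kernel's strscpy, which truncates, always NUL-terminates and returns -E2BIG on truncation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 48 /* assumed buffer size, from the 48-character limit above */

/* Userspace stand-in for the kernel's strscpy(): copies at most size - 1
 * bytes, always NUL-terminates, and returns the copied length, or -E2BIG
 * when the source had to be truncated (or size is 0). */
static long bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len;

    if (size == 0)
        return -E2BIG;
    for (len = 0; len < size && src[len] != '\0'; len++)
        ;                           /* never reads more than size bytes of src */
    if (len == size) {              /* source does not fit together with its NUL */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);      /* fits: copy including the NUL */
    return (long)len;
}

/* Before: unbounded copy, writes past name[] when src does not fit. */
static void set_name_unsafe(char name[NAME_LEN], const char *src)
{
    strcpy(name, src);
}

/* After: bounded copy; the caller can detect truncation from the result. */
static long set_name_safe(char name[NAME_LEN], const char *src)
{
    return bounded_copy(name, src, NAME_LEN);
}

int main(void)
{
    char name[NAME_LEN];
    char longsrc[64];               /* constructed 63-character input */
    memset(longsrc, 'A', sizeof(longsrc) - 1);
    longsrc[sizeof(longsrc) - 1] = '\0';
    set_name_unsafe(name, "short name"); /* harmless only because the input is short */
    printf("%ld %s\n", set_name_safe(name, longsrc), name);
    return 0;
}
```

Checking the return value lets a caller log or reject a truncated name instead of silently using it.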

Impact

Exploitation of this vulnerability could lead to a buffer overflow, a common class of flaw that can be used to execute arbitrary code or cause a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.