Unrated severityNVD Advisory· Published Oct 21, 2024· Updated Nov 3, 2025

fbcon: Fix a NULL pointer dereference issue in fbcon_putcs

CVE-2024-50048

Description

In the Linux kernel, the following vulnerability has been resolved:

syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer:

struct param { uint8_t type; struct tiocl_selection ts; };

int main() { struct fb_con2fbmap con2fb; struct param param;

int fd = open("/dev/fb1", 0, 0);

con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);

param.type = 2; param.ts.xs = 0; param.ts.ys = 0; param.ts.xe = 0; param.ts.ye = 0; param.ts.sel_mode = 0;

int fd1 = open("/dev/tty1", O_RDWR, 0); ioctl(fd1, TIOCLINUX, &param);

con2fb.console = 1; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);

return 0; }

After calling ioctl(fd1, TIOCLINUX, &param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb) causes the kernel to follow a different execution path:

set_con2fb_map -> con2fb_init_display -> fbcon_set_disp -> redraw_screen -> hide_cursor -> clear_selection -> highlight -> invert_screen -> do_update_region -> fbcon_putcs -> ops->putcs

Since ops->putcs is a NULL pointer, this leads to a kernel panic. To prevent this, we need to call set_blitting_type() within set_con2fb_map() to properly initialize ops->putcs.

Affected products

105

osv-coords104 versions
pkg:deb/ubuntu/linux@6.11.0-18.18?arch=source&distro=oracular pkg:deb/ubuntu/linux-aws@6.11.0-1009.10?arch=source&distro=oracular pkg:deb/ubuntu/linux-azure@6.11.0-1009.9?arch=source&distro=oracular pkg:deb/ubuntu/linux-gcp@6.11.0-1009.9?arch=source&distro=oracular pkg:deb/ubuntu/linux-lowlatency@6.11.0-1010.11?arch=source&distro=oracular pkg:deb/ubuntu/linux-oracle@6.11.0-1011.12?arch=source&distro=oracular pkg:deb/ubuntu/linux-raspi@6.11.0-1008.8?arch=source&distro=oracular pkg:deb/ubuntu/linux-realtime@6.11.0-1005.5?arch=source&distro=oracular pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_4&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_4&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_4&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_4&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.11.0-18.18+ 103 more
- (no CPE)range: < 6.11.0-18.18
- (no CPE)range: < 6.11.0-1009.10
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1010.11
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1008.8
- (no CPE)range: < 6.11.0-1005.5
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.2
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1.150600.12.12.6
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.11.8-1.1
- (no CPE)range: < 6.12.11-1.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.2
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.88.1.150500.6.39.4
- (no CPE)range: < 5.14.21-150500.55.88.1.150500.6.39.4
- (no CPE)range: < 6.4.0-150600.23.30.1.150600.12.12.6
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.5.1
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.3.5
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.17.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
Linux/Linuxcpe-rescue
Range: 5.19

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000