Cyber Posture

CVE-2021-47642

High

Published: 26 February 2025

Modified: 23 September 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examining the call sites.

CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
 89        strcpy(chan->adapter.name, name);

Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer.

Security Summary

CVE-2021-47642 is a buffer overflow vulnerability in the Linux kernel's nvidiafb driver within the video framebuffer device (fbdev) subsystem. The issue arises in the nvidia_setup_i2c_bus() function, where strcpy() is used to copy a name parameter into the fixed-size chan->adapter.name buffer (48 characters), potentially allowing an overrun as flagged by Coverity (CID 19036). This affects systems using the nvidiafb module for legacy NVIDIA framebuffer support.

The CVSS v3.1 vector describes a local attack (AV:L) by a low-privileged user (PR:L), with low complexity (AC:L) and no user interaction (UI:N). It rates the impact on confidentiality, integrity, and availability as high (C:H/I:H/A:H), which covers outcomes such as arbitrary code execution, data corruption, or system crashes in kernel context, and yields the score of 7.8. The upstream description adds a caveat: given the static scope of nvidia_setup_i2c_bus(), the overrun does not look reachable from the existing call sites, so the change guards against channel names becoming much longer in the future.

Mitigation involves applying upstream kernel patches that replace strcpy() with strscpy() to safely truncate copies and prevent overflows. Relevant stable kernel commits include 055cdd2e7b992921424d4daaa285ced787fb205f, 08dff482012758935c185532b1ad7d584785a86e, 37a1a2e6eeeb101285cd34e12e48a881524701aa, 41baa86b6c802cdc6ab8ff2d46c083c9be93de81, and 47e5533adf118afaf06d25a3e2aaaab89371b1c5, available via git.kernel.org. Security practitioners should update affected Linux kernels accordingly.

Details

CWE(s)
CWE-787

Affected Products

linux
linux kernel
≤ 4.9.311 · 4.10 — 4.14.276 · 4.15 — 4.19.238
