{"id":"CVE-2024-50134","summary":"drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[   13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p-\u003edata\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[   13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[   13.320038] Call Trace:\n[   13.320173]  hgsmi_update_pointer_shape [vboxvideo]\n[   13.320184]  vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and sent hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is 
kept.","modified":"2026-04-16T04:33:17.452219319Z","published":"2024-11-05T17:10:58.939Z","related":["SUSE-SU-2024:4314-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4316-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50134.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/02c86c5d5ef4bbba17d38859c74872825f536617"},{"type":"WEB","url":"https://git.kernel.org/stable/c/34a422274b693507025a7db21519865d1862afcb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7458a6cdaebb3dc59af8578ee354fae78a154c4a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/75f828e944dacaac8870418461d3d48a1ecf2331"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9eb32bd23bbcec44bcbef27b7f282b7a7f3d0391"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d92b90f9a54d9300a6e883258e79f36dab53bfae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fae9dc12c61ce23cf29d09824a741b7b1ff8f01f"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50134.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50134"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"dd55d44f408419278c00887bfcb2261d0caae350"},{"fixed":"02c86c5d5ef4bbba17d38859c74872825f536617"},{"fixed":"75f828e944dacaac8870418461d
3d48a1ecf2331"},{"fixed":"34a422274b693507025a7db21519865d1862afcb"},{"fixed":"7458a6cdaebb3dc59af8578ee354fae78a154c4a"},{"fixed":"9eb32bd23bbcec44bcbef27b7f282b7a7f3d0391"},{"fixed":"fae9dc12c61ce23cf29d09824a741b7b1ff8f01f"},{"fixed":"d92b90f9a54d9300a6e883258e79f36dab53bfae"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50134.json"}}],"schema_version":"1.7.5"}