CVE-2021-47383

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tty: Fix out-of-bound vmalloc access in imageblit<br /> <br /> This issue happens when a userspace program does an ioctl<br /> FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct<br /> containing only the fields xres, yres, and bits_per_pixel<br /> with values.<br /> <br /> If this struct is the same as the previous ioctl, the<br /> vc_resize() detects it and doesn&amp;#39;t call the resize_screen(),<br /> leaving the fb_var_screeninfo incomplete. And this leads to<br /> the updatescrollmode() calculates a wrong value to<br /> fbcon_display-&gt;vrows, which makes the real_y() return a<br /> wrong value of y, and that value, eventually, causes<br /> the imageblit to access an out-of-bound address value.<br /> <br /> To solve this issue I made the resize_screen() be called<br /> even if the screen does not need any resizing, so it will<br /> "fix and fill" the fb_var_screeninfo independently.