102 matches found
fbcon: Avoid OOB font access if console rotation fails
...
CVE-2026-46191
A flaw was found in the Linux kernel's framebuffer console fbcon component. When console rotation fails, the fbconrotatefont function may keep an old font buffer that is too small for the rotated font. A local user printing to the rotated console with a high character code can trigger an...
UBUNTU-CVE-2026-46191
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
EUVD-2026-32818
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
PT-2026-44314
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds font access occurs in the fbcon rotate font function when console rotation fails. The system retains the ol...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A flaw was discovered in the Framebuffer Console fbcon within the Linux kernel. When values greater than 32 are provided for font-width and font-height in the fbconsetfont function, due to lack of proper checks, an out-of-bounds situation may occur, resulting in undefined behavior and potentially...
CVE-2026-43123
In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fbacquirenewinfo If fbconopen fails when called from con2fbacquirenewinfo then info-fbconpar pointer remains NULL which is later dereferenced. Add check for return value of the function...
CVE-2026-43123
In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fbacquirenewinfo If fbconopen fails when called from con2fbacquirenewinfo then info-fbconpar pointer remains NULL which is later dereferenced. Add check for return value of the function...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012970)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012970 advisory. In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcondosetfont Commit a5a923038d70 fbdev: fbcon:...
CLSA-2026-1773832495 Fix of 114 CVEs
CVE-2023-53515 - virtio-mmio: don't break lifecycle of vmdev CVE-2023-53515 CVE-2025-39967 - fbcon: fix integer overflow in fbcondosetfont CVE-2025-39967 - fbcon: Fix OOB access in font allocation CVE-2025-39967 CVE-2025-38702 - fbdev: fix potential buffer overflow in doregisterframebuffer...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004471 advisory. A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003888)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003888 advisory. A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel,...
SUSE CVE-2025-68296
In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...
EUVD-2025-203784
In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...
DEBIAN-CVE-2025-40323
In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fbmodeisequal+0x285/0x2f0 Read of size 4 at addr ff11000001b3c69c by...
UBUNTU-CVE-2025-40323
In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fbmodeisequal+0x285/0x2f0 Read of size 4 at addr ff11000001b3c69c by...
CVE-2025-40323
In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fbmodeisequal+0x285/0x2f0 Read of size 4 at addr ff11000001b3c69c by...
CVE-2025-40323 fbcon: Set fb_display[i]->mode to NULL when the mode is released
In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fbmodeisequal+0x285/0x2f0 Read of size 4 at addr ff11000001b3c69c by...