PT-2023-3083 · Linux+7 · Linux Kernel+7

Sanan Hasanov

·

Published

2023-01-25

·

Updated

2025-03-11

·

CVE-2023-3161

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. The issue is related to the fbcon set font() function, which is vulnerable to an integer overflow due to a lack of bounds checking. This can occur when font->width and font->height values greater than 32 are provided to fbcon set font(), leading to a shift-out-of-bounds and resulting in undefined behavior. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information, and may lead to a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-1335CWE-682

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-1434
ALT-PU-2023-1539
ALT-PU-2023-4461
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27192
BDU:2023-03170
CESA-2023_6901
CESA-2023_7077
CVE-2023-3161
OESA-2023-1393
OESA-2023-1394
OESA-2023-1395
OESA-2023-1396
OESA-2023-1397
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
RHSA-2023:5603
RHSA-2023:5604
RHSA-2023:6583
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
SUSE-SU-2023:2646-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2804-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2808-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2822-1
SUSE-SU-2023:2830-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:3333-1
USN-6222-1
USN-6254-1
USN-6256-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu