PT-2023-3674 · Linux+6 · Linux Kernel+6

Xingyuan Mo

·

Published

2023-04-12

·

Updated

2024-11-21

·

CVE-2023-38409

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.12
Description The issue is related to the use of memory after it has been freed in the set con2fb map() function in the Linux kernel. This can lead to a denial of service. The problem arises because an assignment occurs only for the first vc, causing the fbcon registered fb and fbcon display arrays to become desynchronized in fbcon mode deleted, as the con2fb map points to the old fb info.
Recommendations For Linux kernel versions prior to 6.2.12, update to version 6.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the set con2fb map() function in the fbcon.c module until a patch is available.

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2023-8395
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27499
AZL-27671
BDU:2023-03958
CESA-2024_1249
CESA-2024_2950
CESA-2024_3138
CVE-2023-38409
INFSA-2024_2950
INFSA-2024_3138
OPENSUSE-SU-2023_3302-1
OPENSUSE-SU-2023_3311-1
OPENSUSE-SU-2023_3376-1
RHSA-2023:7539
RHSA-2024:0412
RHSA-2024:0439
RHSA-2024:0448
RHSA-2024:0461
RHSA-2024:0562
RHSA-2024:0563
RHSA-2024:1249
RHSA-2024:1250
RHSA-2024:1268
RHSA-2024:1269
RHSA-2024:1306
RHSA-2024:1332
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024_0461
RHSA-2024_1249
RHSA-2024_1332
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
SUSE-SU-2023:3302-1
SUSE-SU-2023:3311-1
SUSE-SU-2023:3376-1

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse