PT-2024-7729 · Linux · Linux Kernel

Sirius · Published 2024-02-19 · Updated 2025-07-04 · CVE-2024-26798

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

The issue is in the fbcon component of the Linux kernel: an error in resource management within the fbcon_do_set_font() function can lead to a system crash. It can be triggered when the vc_resize() function fails, and it particularly affects system (internal) fonts, which are not restored properly. The vulnerability can be exploited to cause a denial of service, and Sirius demonstrated it using Syzkaller, crashing the system on the next invocation of font_get(). The issue is challenging to reproduce, but fault injection can aid reproduction.
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2024-09194
CVE-2024-26798
DSA-5658-1
OESA-2025-1727
OESA-2025-1728
OPENSUSE-SU-2024_1490-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6892-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1
USN-6919-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu