CVE-2022-49948

Summary

In the Linux kernel, the following vulnerability has been resolved:

vt: Clear selection before changing the font

When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize().

Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are called.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < c555cf04684fde39b5b0dd9fd80730030ee10c4aaffected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < e9ba4611ddf676194385506222cce7b0844e708eaffected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < f74b4a41c5d7c9522469917e3072e55d435efd9eaffected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < 1cf1930369c9dc428d827b60260c53271bff3285affected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < 989201bb8c00b222235aff04e6200230d29dc7bbaffected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < 2535431ae967ad17585513649625fea7db28d4dbaffected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < c904fe03c4bd1f356a58797d39e2a5d0ca15cefcaffected
LinuxLinux009e39ae44f4191188aeb6dfbf661b771dbbe515 < 566f9c9f89337792070b5a6062dff448b3e7977faffected
LinuxLinuxe60f8fcce05042e8f8cea25ee81fecc1222114cfaffected
LinuxLinux5812a9bc9d68a82c2cc839f88e6f7a05093ab39daffected
LinuxLinux863ad19fd654c485e3beec3575c4d74a1e74369eaffected
LinuxLinuxdbc3fd44f957a39407e889287bf61fa0ef3ecc14affected
LinuxLinux0b2a0a58ad22f9d6dfc641bc5ec46057493f22a5affected
LinuxLinux9f2d48f0745f921040df91bfe8fa7f0339cd7497affected
LinuxLinux3425e397fb23cc2e8e6fb8f5b8226dcb447e84ddaffected
LinuxLinuxeeae0a12a16650ff494d5faefa371cd9e7079575affected
LinuxLinux3.2.85 < 3.3affected
LinuxLinux3.10.105 < 3.11affected
LinuxLinux3.12.68 < 3.13affected
LinuxLinux3.16.40 < 3.17affected
LinuxLinux3.18.45 < 3.19affected
LinuxLinux4.1.36 < 4.2affected
LinuxLinux4.4.31 < 4.5affected
LinuxLinux4.8.7 < 4.9affected
LinuxLinux4.9affected
LinuxLinux0 < 4.9unaffected
LinuxLinux4.9.328 <= 4.9.*unaffected
LinuxLinux4.14.293 <= 4.14.*unaffected
LinuxLinux4.19.258 <= 4.19.*unaffected
LinuxLinux5.4.213 <= 5.4.*unaffected
LinuxLinux5.10.142 <= 5.10.*unaffected
LinuxLinux5.15.66 <= 5.15.*unaffected
LinuxLinux5.19.8 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References