CVE-2022-50404

Summary

In the Linux kernel, the following vulnerability has been resolved:

fbdev: fbcon: release buffer when fbcon_do_set_font() failed

syzbot is reporting memory leak at fbcon_do_set_font() [1], for commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when vc_resize() failed") missed that the buffer might be newly allocated by fbcon_set_font().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux868749a7456dc48e93887a8474194e2ee6d6c21f < 5a341810a22e51c3a7a108f7896b5fd58d44d127affected
LinuxLinuxebd6f886aa2447fcfcdce5450c9e1028e1d681bb < 88ec6d11052da527eb9268831e7a9bc5bbad02f6affected
LinuxLinuxa5a923038d70d2d4a86cb4e3f32625a5ee6e7e24 < 06926607b9fddf7ce8017493899ce6eb7e79a123affected
LinuxLinuxa5a923038d70d2d4a86cb4e3f32625a5ee6e7e24 < a609bfc1e644a8467cb31945ed1488374ebdc013affected
LinuxLinuxa5a923038d70d2d4a86cb4e3f32625a5ee6e7e24 < 3c3bfb8586f848317ceba5d777e11204ba3e5758affected
LinuxLinuxf08ccb792d3eaf1dc62d8cbf6a30d6522329f660affected
LinuxLinux5.15.64 < 5.15.86affected
LinuxLinux5.19.6 < 5.20affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References