CVE-2023-3161

Summary

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aLinux Kernel (fbcon)Fixed in kernel 6.2-rc7affected

Weaknesses

  • CWE-1335: CWE-1335

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References