CVE-2024-50076

Summary

In the Linux kernel, the following vulnerability has been resolved:

vt: prevent kernel-infoleak in con_font_get()

font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it is safest to modify it to initialize the allocated memory space to 0, and it generally does not affect the overall performance of the system.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < efc67cee700b89ffbdb74a0603a083ec1290ae31affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < dc794e878e6d79f75205be456b1042a289c5759daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1e5a17dc77d8a8bbe67040b32e2ef755901aba44affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b3959d5eca136e0588f9af3867b34032160cb826affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 23c4cb8a56978e5b1baa171d42e616e316c2039daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < dc2d5f02636c7587bdd6d1f60fc59c55860b00a4affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < adb1f312f38f0d2c928ceaff089262798cc260b4affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f956052e00de211b5c9ebaa1958366c23f82ee9eaffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.229 <= 5.10.*unaffected
LinuxLinux5.15.171 <= 5.15.*unaffected
LinuxLinux6.1.116 <= 6.1.*unaffected
LinuxLinux6.6.58 <= 6.6.*unaffected
LinuxLinux6.11.5 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

References