Bug 2230042 (CVE-2023-38409) - CVE-2023-38409 kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment
Status: NEW
Alias: CVE-2023-38409
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
Blocks: 2224231
Reported: 2023-08-08 14:29 UTC by Rohit Keshri
Modified: 2024-05-22 09:51 UTC

Fixed In Version: Kernel 6.3-rc7
Doc Text:
A memory corruption flaw was found in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Framebuffer Console in the Linux kernel. This flaw allows a local attacker to crash the system, leading to a denial of service.
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0610 0 None None None 2024-01-30 14:48:39 UTC
Red Hat Product Errata RHBA-2024:0611 0 None None None 2024-01-30 14:53:06 UTC
Red Hat Product Errata RHBA-2024:0637 0 None None None 2024-02-01 00:09:04 UTC
Red Hat Product Errata RHBA-2024:0673 0 None None None 2024-02-05 10:13:11 UTC
Red Hat Product Errata RHBA-2024:0688 0 None None None 2024-02-05 17:04:19 UTC
Red Hat Product Errata RHBA-2024:1338 0 None None None 2024-03-14 15:52:20 UTC
Red Hat Product Errata RHBA-2024:1350 0 None None None 2024-03-18 08:41:30 UTC
Red Hat Product Errata RHSA-2023:7539 0 None None None 2023-11-28 15:35:47 UTC
Red Hat Product Errata RHSA-2024:0412 0 None None None 2024-01-24 16:44:27 UTC
Red Hat Product Errata RHSA-2024:0439 0 None None None 2024-01-24 16:36:11 UTC
Red Hat Product Errata RHSA-2024:0448 0 None None None 2024-01-24 16:37:59 UTC
Red Hat Product Errata RHSA-2024:0461 0 None None None 2024-01-24 16:28:49 UTC
Red Hat Product Errata RHSA-2024:0562 0 None None None 2024-01-30 12:27:53 UTC
Red Hat Product Errata RHSA-2024:0563 0 None None None 2024-01-30 12:27:03 UTC
Red Hat Product Errata RHSA-2024:1249 0 None None None 2024-03-12 00:47:30 UTC
Red Hat Product Errata RHSA-2024:1250 0 None None None 2024-03-12 00:43:54 UTC
Red Hat Product Errata RHSA-2024:1268 0 None None None 2024-03-12 11:44:24 UTC
Red Hat Product Errata RHSA-2024:1269 0 None None None 2024-03-12 11:46:00 UTC
Red Hat Product Errata RHSA-2024:1306 0 None None None 2024-03-13 09:08:28 UTC
Red Hat Product Errata RHSA-2024:1332 0 None None None 2024-03-14 14:51:15 UTC
Red Hat Product Errata RHSA-2024:2950 0 None None None 2024-05-22 09:14:30 UTC
Red Hat Product Errata RHSA-2024:3138 0 None None None 2024-05-22 09:51:39 UTC

Description Rohit Keshri 2023-08-08 14:29:08 UTC
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12
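
The desynchronization described above, as a simplified user-space model (an added example, not kernel code and not part of the original report). The names display_fb, fb_in_map, model_set_con2fb_map and run_model are hypothetical; display_fb stands in for the per-console display state, which this model assumes always follows the new framebuffer.

```c
#include <stdio.h>

#define NCON 3                 /* consoles (vcs) in this toy model */

static int con2fb_map[NCON];   /* console -> framebuffer index */
static int display_fb[NCON];   /* hypothetical: fb each console's display state was set up for */

/* Is any console already mapped to framebuffer idx? */
static int fb_in_map(int idx)
{
    for (int i = 0; i < NCON; i++)
        if (con2fb_map[i] == idx)
            return 1;
    return 0;
}

/* Move console `unit` to framebuffer `newidx` (fixed = 0 models the flaw). */
static void model_set_con2fb_map(int unit, int newidx, int fixed)
{
    int first = !fb_in_map(newidx);   /* first vc taken over by newidx? */

    if (fixed || first)
        con2fb_map[unit] = newidx;    /* flawed variant assigns for the first vc only */
    display_fb[unit] = newidx;        /* assumption: display state always follows the new fb */
}

/* Count consoles whose map entry still points at the old framebuffer. */
static int count_desynced(void)
{
    int n = 0;
    for (int i = 0; i < NCON; i++)
        if (con2fb_map[i] != display_fb[i])
            n++;
    return n;
}

/* Start with every console on fb 0, move all of them to fb 1, report mismatches. */
int run_model(int fixed)
{
    for (int i = 0; i < NCON; i++)
        con2fb_map[i] = display_fb[i] = 0;
    for (int i = 0; i < NCON; i++)
        model_set_con2fb_map(i, 1, fixed);
    return count_desynced();
}

int main(void)
{
    printf("flawed: %d desynced\n", run_model(0));
    printf("fixed:  %d desynced\n", run_model(1));
    return 0;
}
```

In the flawed variant every console after the first keeps a con2fb_map entry for the old framebuffer, which is the state a later walk over the consoles (such as fbcon_mode_deleted) would then trust.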

Comment 24 errata-xmlrpc 2023-11-28 15:35:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7539

Comment 25 errata-xmlrpc 2024-01-24 16:28:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0461 https://access.redhat.com/errata/RHSA-2024:0461

Comment 26 errata-xmlrpc 2024-01-24 16:36:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0439

Comment 27 errata-xmlrpc 2024-01-24 16:37:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0448 https://access.redhat.com/errata/RHSA-2024:0448

Comment 28 errata-xmlrpc 2024-01-24 16:44:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412

Comment 29 errata-xmlrpc 2024-01-30 12:27:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:0563 https://access.redhat.com/errata/RHSA-2024:0563

Comment 30 errata-xmlrpc 2024-01-30 12:27:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0562 https://access.redhat.com/errata/RHSA-2024:0562

Comment 32 errata-xmlrpc 2024-03-12 00:43:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250

Comment 33 errata-xmlrpc 2024-03-12 00:47:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1249 https://access.redhat.com/errata/RHSA-2024:1249

Comment 34 errata-xmlrpc 2024-03-12 11:44:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2024:1268 https://access.redhat.com/errata/RHSA-2024:1268

Comment 35 errata-xmlrpc 2024-03-12 11:45:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1269 https://access.redhat.com/errata/RHSA-2024:1269

Comment 36 errata-xmlrpc 2024-03-13 09:08:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306

Comment 37 errata-xmlrpc 2024-03-14 14:51:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1332 https://access.redhat.com/errata/RHSA-2024:1332

Comment 40 errata-xmlrpc 2024-05-22 09:14:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950

Comment 41 errata-xmlrpc 2024-05-22 09:51:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3138 https://access.redhat.com/errata/RHSA-2024:3138

