An out-of-bounds (OOB) memory access flaw was found in fbcon_get_font() in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A bound check failure may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Reference: https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1899178]
This was fixed for Fedora with the 5.8.15 stable kernel updates.
Mitigation: Add 'nomodeset' option as kernel boot parameter to disable frame buffering (edit /etc/default/grub, and run 'grub2-mkconfig -o /boot/grub2/grub.cfg' and reboot). ~~~ # cat /proc/cmdline BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-147.el8.x86_64 root=/dev/mapper/rhel_rhel8u2--1-root ro crashkernel=auto resume=/dev/mapper/rhel_rhel8u2--1-swap rd.lvm.lv=rhel_rhel8u2-1/root rd.lvm.lv=rhel_rhel8u2-1/swap nomodeset # ls -l /dev/fb* ls: cannot access '/dev/fb*': No such file or directory ~~~
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5344 https://access.redhat.com/errata/RHSA-2022:5344
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5316 https://access.redhat.com/errata/RHSA-2022:5316
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-28915