A flaw in the Linux Kernel console driver found. When setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds. To trigger the vulnerability user need to have access to console driver like if text mode being used through a generic VGA standard display. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2109148]
This was fixed for Fedora with the 5.12 stable kernel rebases.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2736 https://access.redhat.com/errata/RHSA-2023:2736
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2951 https://access.redhat.com/errata/RHSA-2023:2951
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-33656
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4789 https://access.redhat.com/errata/RHSA-2023:4789