5.5

CVE-2022-50404

fbdev: fbcon: release buffer when fbcon_do_set_font() failed

In the Linux kernel, the following vulnerability has been resolved:

fbdev: fbcon: release buffer when fbcon_do_set_font() failed

syzbot is reporting memory leak at fbcon_do_set_font() [1], for
commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when
vc_resize() failed") missed that the buffer might be newly allocated
by fbcon_set_font().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.64 < 5.15.86
LinuxLinux Kernel Version >= 5.19.6 < 6.0
LinuxLinux Kernel Version >= 6.0.1 < 6.0.16
LinuxLinux Kernel Version >= 6.1 < 6.1.2
LinuxLinux Kernel Version6.0 Update-
LinuxLinux Kernel Version6.0 Updaterc3
LinuxLinux Kernel Version6.0 Updaterc4
LinuxLinux Kernel Version6.0 Updaterc5
LinuxLinux Kernel Version6.0 Updaterc6
LinuxLinux Kernel Version6.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/06926607b9fddf7ce8017493899ce6eb7e79a123
Patch
https://git.kernel.org/stable/c/3c3bfb8586f848317ceba5d777e11204ba3e5758
Patch
https://git.kernel.org/stable/c/88ec6d11052da527eb9268831e7a9bc5bbad02f6
Patch
https://git.kernel.org/stable/c/a609bfc1e644a8467cb31945ed1488374ebdc013
Patch
https://git.kernel.org/stable/c/5a341810a22e51c3a7a108f7896b5fd58d44d127
Patch