CVE-2022-49948
HIGHLinux Kernel < 4.9.328, 4.10.0-5.19.8 - Out-of-bounds Read in Console Font Handling
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize(). Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are called.
References (8)
Core 8
Core References
Scores
CVSS v3
7.1
EPSS
0.0021
EPSS Percentile
11.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (43)
linux/Kernel
4.10.0 - 4.14.293linux
linux/Kernel
4.15.0 - 4.19.258linux
linux/Kernel
4.20.0 - 5.4.213linux
linux/Kernel
4.9.0 - 4.9.328linux
linux/Kernel
5.11.0 - 5.15.66linux
linux/Kernel
5.16.0 - 5.19.8linux
linux/Kernel
5.5.0 - 5.10.142linux
Linux/Linux
< 4.9
Linux/Linux
009e39ae44f4191188aeb6dfbf661b771dbbe515 - 1cf1930369c9dc428d827b60260c53271bff3285
Linux/Linux
009e39ae44f4191188aeb6dfbf661b771dbbe515 - 2535431ae967ad17585513649625fea7db28d4db
... and 33 more
Published
Jun 18, 2025
Tracked Since
Feb 18, 2026