Linux Kernel Memory Leak Vulnerability in fbcon Font Handling

A memory leak vulnerability has been identified in the Linux kernel's framebuffer console (fbcon) font management. This issue arises in versions of the kernel through 5.15. The vulnerability occurs because the function fbcon_do_set_font() may fail, leaving newly allocated buffers unreleased. The problem was introduced in a previous commit that did not account for the possibility of new allocations by fbcon_set_font().

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by triggering a failure in the vc_resize() function while fbcon_set_font() has allocated a buffer. This can be done by manipulating the font handling in the framebuffer console, causing the font setting function to fail without releasing the allocated memory.

Remediation

Users can upgrade to the latest version of the Linux kernel to address this vulnerability. The commit that fixes this issue is available in the Linux kernel stable tree.