Linux Kernel KASAN Vulnerability in vgacon Scroll Function

A vulnerability in the Linux kernel's virtual console (vgacon) handling has been identified, specifically within the scrolling function. This issue, reported by Syzkaller, involves a slab-out-of-bounds read, which can occur when the console font is set, potentially leading to memory corruption. The vulnerability arises from insufficient checks on the origin address range, allowing for out-of-bounds memory access.

Impact

Exploitation of this vulnerability can lead to memory corruption, with the potential for arbitrary code execution or causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by triggering a write operation to the virtual console screen buffer while the console font is being changed. This can be done by using a tool like Syzkaller to automate the process, which will cause a read operation to access memory outside the allocated bounds, leading to a KASAN (Kernel Address Sanitizer) report of the out-of-bounds access.