Linux Kernel Glyph Index Bound-Check Vulnerability in fbdev Bitblit Component

Vulnerability

A vulnerability in the Linux kernel's framebuffer (fbdev) bitblit operations has been addressed. The issue arose because the glyph index was derived from the character value, which could exceed the actual font's glyph count, leading to a global out-of-bounds read. This vulnerability was reported by syzbot.
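
The following userspace model of the lookup described above is an added example, not the kernel's code or its patch. The struct, function names, sample font, mask values and the fall-back to glyph 0 are all assumptions made for illustration. It computes where an index derived only from the character value would read, and shows the same lookup with the index checked against the font's glyph count.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for console font state; not the kernel's struct. */
struct font_model {
    const uint8_t *data;    /* charcount * cellsize bytes of glyph bitmaps */
    unsigned int charcount; /* glyphs actually present in the font */
    unsigned int cellsize;  /* bytes per glyph */
};

/* Constructed sample: a 4-glyph font, 2 bytes per glyph. */
static const uint8_t sample_glyphs[8] = { 0x00, 0x00, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33 };
static const struct font_model sample_font = { sample_glyphs, 4, 2 };

/* Offset the unchecked lookup would read from: the index comes only from
 * the character value and mask. Computed here, never dereferenced. */
size_t glyph_offset_unchecked(const struct font_model *f, uint16_t ch, uint16_t mask)
{
    return (size_t)(ch & mask) * f->cellsize;
}

/* True when a whole glyph starting at off lies inside the font data. */
int offset_in_bounds(const struct font_model *f, size_t off)
{
    return off + f->cellsize <= (size_t)f->charcount * f->cellsize;
}

/* Checked lookup: an index at or past charcount is replaced by glyph 0
 * (the fallback is an assumption of this example). NULL for an empty font. */
const uint8_t *glyph_lookup_checked(const struct font_model *f, uint16_t ch, uint16_t mask)
{
    unsigned int idx = ch & mask;

    if (!f->data || f->charcount == 0 || f->cellsize == 0)
        return NULL;
    if (idx >= f->charcount)
        idx = 0;
    return f->data + (size_t)idx * f->cellsize;
}

int main(void)
{
    size_t off = glyph_offset_unchecked(&sample_font, 0x1ff, 0x1ff);
    printf("unchecked offset %zu, in bounds: %d\n", off, offset_in_bounds(&sample_font, off));
    printf("checked glyph byte: 0x%02x\n", glyph_lookup_checked(&sample_font, 0x1ff, 0x1ff)[0]);
    return 0;
}
```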

Impact

Exploitation of this vulnerability could lead to a global out-of-bounds read, potentially allowing for unauthorized memory access or information disclosure.

Reproduction

The vulnerability can be reproduced by invoking the bitblit operations in the framebuffer component with a character value that exceeds the font's glyph count. Character values passed to the bitblit functions, in both the aligned and unaligned paths, can be manipulated so that the derived index exceeds the bounds of the font array.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.

Added: Dec 8, 2025, 1:20 AM
Updated: Dec 8, 2025, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.