Linux Kernel Out-of-Bounds Font Access Vulnerability in fbcon Rotation Handling

Vulnerability

A vulnerability in the Linux kernel's framebuffer console (fbcon) rotation handling can lead to out-of-bounds (OOB) font access. The issue occurs because the console rotation process may fail to reallocate the font buffer for the rotated font, leaving the old buffer in place even though it is too small for the rotated glyphs. As a result, printing a character with a high character code to the rotated console indexes a glyph that lies past the end of the buffer, overflowing it. The vulnerability affects several versions of the Linux kernel.
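The sizing problem described above can be modelled in a few lines. The following is an added example, not kernel code: it models a console font buffer whose glyphs are byte-padded bitmaps, shows that rotating a 6x11 font by 90 degrees changes the per-glyph size (11 bytes unrotated, 12 bytes rotated) so the old buffer is too small, and contrasts an unchecked rotation with one that recomputes the required size and grows the buffer first. All names (font_buffer, rotate_checked, glyph_offset, the enum values) and the 6x11, 256-glyph sample font are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model of a framebuffer console font buffer (added example,
 * not the kernel's fbcon code). Names and layout are assumptions. */

enum rotation { ROT_0 = 0, ROT_90 = 1, ROT_180 = 2, ROT_270 = 3 };

struct font_dims { unsigned int width, height, charcount; };

/* Bytes per glyph: each bitmap row is padded to whole bytes. */
static size_t glyph_bytes(unsigned int width, unsigned int height)
{
    return ((size_t)width + 7) / 8 * height;
}

/* Glyph dimensions after rotation: 90 and 270 degrees swap width and height,
 * which changes the row padding and therefore the bytes per glyph. */
static struct font_dims rotated_dims(struct font_dims d, enum rotation rot)
{
    if (rot == ROT_90 || rot == ROT_270) {
        unsigned int t = d.width;
        d.width = d.height;
        d.height = t;
    }
    return d;
}

/* Buffer size needed to hold every glyph of the font at the given rotation. */
static size_t font_buffer_bytes(struct font_dims d, enum rotation rot)
{
    struct font_dims r = rotated_dims(d, rot);
    return glyph_bytes(r.width, r.height) * r.charcount;
}

struct font_buffer {
    uint8_t *data;
    size_t len;             /* bytes actually allocated */
    struct font_dims dims;  /* unrotated font dimensions */
    enum rotation rot;      /* rotation the glyphs are stored in */
};

/* Modelled defect: the rotation changes but the old buffer is kept,
 * without checking whether the rotated glyphs still fit. */
static int rotate_unchecked(struct font_buffer *fb, enum rotation rot)
{
    fb->rot = rot;
    return 0;
}

/* Hardened path: recompute the size required for the new rotation and
 * grow the buffer (or fail) before the rotation takes effect. */
static int rotate_checked(struct font_buffer *fb, enum rotation rot)
{
    size_t need = font_buffer_bytes(fb->dims, rot);
    if (need > fb->len) {
        uint8_t *p = realloc(fb->data, need);
        if (!p)
            return -1;
        memset(p + fb->len, 0, need - fb->len);
        fb->data = p;
        fb->len = need;
    }
    fb->rot = rot;
    return 0;
}

/* Bounds-checked glyph lookup: returns the byte offset of glyph ch, or -1
 * when the glyph would extend past the allocated buffer. */
static long glyph_offset(const struct font_buffer *fb, unsigned int ch)
{
    struct font_dims r = rotated_dims(fb->dims, fb->rot);
    size_t gb = glyph_bytes(r.width, r.height);
    size_t off;

    if (ch >= r.charcount)
        return -1;
    off = gb * ch;
    if (off + gb > fb->len)
        return -1;  /* buffer was sized for the old rotation: too small */
    return (long)off;
}

/* Allocate a buffer sized for the unrotated font (constructed sample). */
static struct font_buffer make_font(unsigned int w, unsigned int h, unsigned int n)
{
    struct font_buffer fb;
    fb.dims.width = w;
    fb.dims.height = h;
    fb.dims.charcount = n;
    fb.rot = ROT_0;
    fb.len = font_buffer_bytes(fb.dims, ROT_0);
    fb.data = calloc(fb.len, 1);
    return fb;
}

int main(void)
{
    /* Constructed 6x11, 256-glyph font: 2816 bytes unrotated, 3072 rotated. */
    struct font_buffer fb = make_font(6, 11, 256);
    printf("unrotated buffer: %zu bytes, rotated needs %zu bytes\n",
           fb.len, font_buffer_bytes(fb.dims, ROT_90));
    rotate_unchecked(&fb, ROT_90);
    printf("glyph 255 after unchecked rotate: %ld (-1 = past end of buffer)\n",
           glyph_offset(&fb, 255));
    fb.rot = ROT_0;
    rotate_checked(&fb, ROT_90);
    printf("glyph 255 after checked rotate: %ld\n", glyph_offset(&fb, 255));
    free(fb.data);
    return 0;
}
```

The point of the model is that the needed size is a property of the rotated dimensions, not of the original font, so any code path that changes the rotation has to re-derive it; the bounds check in glyph_offset is the last line of defence if it does not.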

Impact

The vulnerability can be exploited to cause a buffer overflow in the kernel, which may lead to arbitrary code execution or other unintended consequences, depending on the context in which the overflow is triggered.

Reproduction

To reproduce this vulnerability, rotate the console so that the rotated font no longer fits in the existing font buffer (which is not reallocated), then print a character with a high character code to the rotated console; that glyph access runs past the end of the buffer and triggers the overflow.

Remediation

Users should upgrade to the latest version of the Linux kernel, in which this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.

Added: May 28, 2026, 11:53 AM
Updated: May 28, 2026, 11:53 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 1.9
exploitability: 4.3
remediation: 7.7
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.