CVE-2022-50404
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:

fbdev: fbcon: release buffer when fbcon_do_set_font() failed

syzbot is reporting memory leak at fbcon_do_set_font() [1], for commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when vc_resize() failed") missed that the buffer might be newly allocated by fbcon_set_font().
Analysis
A memory leak exists in the fbcon_do_set_font() function of the Linux kernel's fbcon (framebuffer console) driver: a newly allocated buffer is not released when the font-setting operation fails. This affects Linux kernel 6.0 and 6.0-rc3 through 6.0-rc7, and potentially other versions, allowing local unprivileged users to cause denial of service through memory exhaustion. A patch is available from the vendor, and exploitation requires local access with low privilege.
Technical Context
The vulnerability resides in the Linux kernel's fbdev subsystem, specifically the framebuffer console (fbcon) driver, which manages character-based console rendering on framebuffer devices. The root cause is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). Commit a5a923038d70 fixed the error handling for a failed vc_resize() by reverting the console state, but it missed that the buffer being installed may have been newly allocated by fbcon_set_font(); in that case the revert leaves the new buffer unreferenced and unfreed. The fbcon_do_set_font() function is responsible for changing console font parameters, so each failure on this path leaves one more buffer allocated, and the leaked memory accumulates. The affected CPE identifies this as a kernel-level vulnerability affecting the core Linux kernel across multiple versions including 6.0, 6.0-rc3 through 6.0-rc7, and potentially earlier and later kernel versions.
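The error-path pattern described above, reduced to a userspace C model. This is an added example, not kernel code and not the upstream patch: `struct font`, `struct console`, `do_set_font`, `live_after` and the `fixed` switch are hypothetical names, and the reference count is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the leak pattern. All names are hypothetical; not kernel code. */
struct font { int refs; unsigned char glyphs[256]; };
struct console { struct font *font; };
static long live_fonts;                     /* buffers currently allocated */
static void font_put(struct font *f)        /* drop one reference, free at zero */
{
    if (f && --f->refs == 0) {
        free(f);
        live_fonts--;
    }
}

/* "Do set font" step: install f, attempt the resize, revert on failure. */
static int do_set_font(struct console *c, struct font *f, int resize_fails, int fixed)
{
    struct font *old = c->font;
    c->font = f;
    f->refs++;
    if (resize_fails) {
        c->font = old;                      /* revert the console state */
        if (fixed)
            font_put(f);                    /* and release the new buffer */
        return -1;
    }
    font_put(old);                          /* success: old font is unused now */
    return 0;
}

long live_after(int n, int resize_fails, int fixed) /* buffers left after n attempts */
{
    struct console c = { NULL };
    live_fonts = 0;
    for (int i = 0; i < n; i++) {
        struct font *f = calloc(1, sizeof(*f)); /* caller allocates a new buffer */
        if (!f)
            break;
        live_fonts++;
        do_set_font(&c, f, resize_fails, fixed);
    }
    font_put(c.font);                       /* console teardown */
    return live_fonts;
}

int main(void)
{
    printf("live buffers: %ld revert only, %ld with release\n", live_after(1000, 1, 0), live_after(1000, 1, 1));
    return 0;
}
```

With the revert alone, every failed attempt leaves one buffer allocated; releasing the reference in the same error branch brings the count back to zero.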
Affected Products
The Linux kernel versions 6.0, 6.0-rc3, 6.0-rc4, 6.0-rc5, 6.0-rc6, and 6.0-rc7 are explicitly affected, as confirmed by CPE identifiers (cpe:2.3:o:linux:linux_kernel:6.0:*:*:*:*:*:*:* and RC variants). Earlier and later kernel versions may also be affected depending on when the vulnerable commit was introduced and whether patch series have been backported. The vulnerability is documented in the Linux kernel source repository with patches available at https://git.kernel.org/stable/, with multiple commit hashes provided (06926607b9fddf7ce8017493899ce6eb7e79a123, 3c3bfb8586f848317ceba5d777e11204ba3e5758, and others) indicating patches across multiple stable kernel branches.
Remediation
Upgrade the Linux kernel to a patched version that includes one of the identified fixes (commit 06926607b9fddf7ce8017493899ce6eb7e79a123 or equivalent backports for your kernel version). Consult the Linux kernel stable repository at https://git.kernel.org/stable/ and your Linux distribution's kernel update channels for the specific patched version available for your release. For systems unable to immediately patch, restrict fbcon access and font manipulation capabilities to trusted users by limiting setfont(8) permissions and disabling unnecessary framebuffer console features if not required for system operation. Monitor memory usage on systems running affected kernel versions, as sustained memory exhaustion could indicate exploitation attempts, though the low EPSS score suggests this is an unlikely real-world attack vector.