CVE-2024-50076

vt: prevent kernel-infoleak in con_font_get()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

vt: prevent kernel-infoleak in con_font_get()

font.data may not initialize all memory spaces depending on the implementation
of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it
is safest to modify it to initialize the allocated memory space to 0, and it
generally does not affect the overall performance of the system.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-10-29 CVE Published
2024-11-09 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/05e2600cb0a4d73b0779cf29512819616252aeeb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/efc67cee700b89ffbdb74a0603a083ec1290ae31	2024-11-08
https://git.kernel.org/stable/c/dc794e878e6d79f75205be456b1042a289c5759d	2024-11-08
https://git.kernel.org/stable/c/1e5a17dc77d8a8bbe67040b32e2ef755901aba44	2024-11-08
https://git.kernel.org/stable/c/b3959d5eca136e0588f9af3867b34032160cb826	2024-11-08
https://git.kernel.org/stable/c/23c4cb8a56978e5b1baa171d42e616e316c2039d	2024-11-08
https://git.kernel.org/stable/c/dc2d5f02636c7587bdd6d1f60fc59c55860b00a4	2024-10-22
https://git.kernel.org/stable/c/adb1f312f38f0d2c928ceaff089262798cc260b4	2024-10-22
https://git.kernel.org/stable/c/f956052e00de211b5c9ebaa1958366c23f82ee9e	2024-10-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 5.10.229 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 5.10.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 5.15.171 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 5.15.171"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.1.116 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.1.116"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.6.58 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.11.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.11.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.12"		en		Affected