CVE-2026-46191
fbcon OOB Font Access Due to Console Rotation Failure
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's framebuffer console (fbcon) component. Specifically, it involves the function fbcon_rotate_font(), which handles console rotation. When the console rotation fails during font buffer reallocation, the old font buffer, which is too small for the rotated font, is kept. This can cause an out-of-bounds (OOB) access when printing characters with high character codes, leading to a font buffer overflow.
The fix involves clearing the font buffer if the reallocation fails, so that the putcs implementations for the rotated buffer return early and avoid accessing invalid memory.
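The failure mode and the fix described above, modelled in user-space C as an added example; this is not the kernel's code. The names `rot_state`, `rotate_font`, `putcs_check` and `scenario`, the buffer and cell sizes, and the reading of "clearing" as freeing the buffer and setting the pointer to NULL are assumptions made for illustration.

```c
/* User-space model of the pattern; NOT kernel code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct rot_state {
    unsigned char *fontbuffer;  /* rotated glyph storage */
    size_t size;                /* bytes allocated in fontbuffer */
};

/* Grow the rotated-font buffer to `needed` bytes. `alloc_fails` simulates the
 * failed reallocation; `hardened` selects the behaviour the fix describes. */
int rotate_font(struct rot_state *st, size_t needed, int alloc_fails, int hardened)
{
    if (st->size >= needed)
        return 0;
    unsigned char *dst = alloc_fails ? NULL : calloc(1, needed);
    if (!dst) {
        if (hardened) {         /* assumption: "clearing" = free and NULL */
            free(st->fontbuffer);
            st->fontbuffer = NULL;
            st->size = 0;
        }                       /* otherwise the undersized buffer is kept */
        return -1;
    }
    free(st->fontbuffer);
    st->fontbuffer = dst;
    st->size = needed;
    return 0;
}

/* Classify the glyph read a putcs-style routine would make, without making it:
 * 0 = in bounds, 1 = early return (no buffer), 2 = out-of-bounds read. */
int putcs_check(const struct rot_state *st, unsigned ch, size_t cellsize)
{
    if (!st->fontbuffer)
        return 1;
    return ((size_t)ch + 1) * cellsize <= st->size ? 0 : 2;
}

/* Constructed scenario: 256 glyphs of 8 bytes, rotation needs 16 bytes each. */
int scenario(int hardened, unsigned ch)
{
    struct rot_state st = { calloc(1, 256 * 8), 256 * 8 };
    rotate_font(&st, 256 * 16, 1, hardened);
    int r = putcs_check(&st, ch, 16);
    free(st.fontbuffer);
    return r;
}
int main(void) { printf("%d %d\n", scenario(0, 200), scenario(1, 200)); return 0; }
```

Low character codes still fall inside the stale buffer in the unpatched path, which is why the problem only shows up with high character codes.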
How can this vulnerability impact me?
This vulnerability can lead to an out-of-bounds memory access in the framebuffer console when printing characters after a failed console rotation. Such memory corruption could potentially cause system instability, crashes, or unexpected behavior in the console display.
While the description does not specify exploitation details, out-of-bounds access vulnerabilities can sometimes be leveraged for privilege escalation or denial of service attacks depending on the context.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by updating the Linux kernel to a version where the fbcon_rotate_font() function properly clears the font buffer if reallocation during console rotation fails. Therefore, the immediate mitigation step is to apply the kernel update that includes this fix.