Description
In the Linux kernel, the following vulnerability has been resolved:

fbcon: Avoid OOB font access if console rotation fails

Clear the font buffer if the reallocation during console rotation fails
in fbcon_rotate_font(). The putcs implementations for the rotated buffer
will return early in this case. See [1] for an example.

Currently, fbcon_rotate_font() keeps the old buffer, which is too small
for the rotated font. Printing to the rotated console with a high-enough
character code will overflow the font buffer.

v2:
- fix typos in commit message
Published: 2026-05-28
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Linux, when the reallocation of a larger font buffer during console rotation fails, the fbcon_rotate_font() routine keeps the old, smaller buffer, so printing characters with high code points can overflow the buffer that accompanies the rotated console. The vulnerability is an out‑of‑bounds buffer write in kernel space, which may corrupt adjacent kernel memory and produce a system crash. The description does not claim privilege escalation or arbitrary code execution, only a potential memory corruption outcome.

Affected Systems

The affected component is the fbcon (framebuffer console) driver that is part of the standard Linux kernel when framebuffer support is enabled. No specific kernel version is listed, so any kernel that still contains the pre‑patch fbcon_rotate_font() implementation remains vulnerable. Administrators should verify whether their kernel includes the commit that clears the font buffer on failure and consider the system affected if it does not.

Risk and Exploitability

The vulnerability has a CVSS score of 7.1 and an EPSS score of less than 1%. It is not listed in the CISA KEV catalog. The problem is local to the machine; it requires a local process to print to the rotated console to trigger the overflow. An attacker with local access could potentially cause a denial of service by triggering the overflow or, if the kernel memory corruption leads to a higher impact, could use the flaw in a more advanced attack. The moderate CVSS and very low EPSS suggest that while the flaw is serious, exploitation is not widespread at present.

Generated by OpenCVE AI on June 11, 2026 at 04:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the fbcon font buffer clearing commit referenced in the kernel patches
  • If a kernel update is not possible, prevent loading of the fbcon module by blacklisting it
  • Limit access to framebuffer devices under /dev/fb* with appropriate permissions or device cgroups to reduce the attack surface

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:15:00 +0000

Weaknesses
  Values Added:   CWE-125
Metrics
  Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Values Added:   cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


Fri, 29 May 2026 00:15:00 +0000

Weaknesses
  Values Added:   CWE-787
References
Metrics
  Values Removed: threat_severity None
  Values Added:   cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
                  threat_severity Moderate


Thu, 28 May 2026 10:15:00 +0000

Description
  Values Added:   In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbcon_rotate_font(). The putcs implementations for the rotated buffer will return early in this case. See [1] for an example. Currently, fbcon_rotate_font() keeps the old buffer, which is too small for the rotated font. Printing to the rotated console with a high-enough character code will overflow the font buffer. v2: - fix typos in commit message
Title
  Values Added:   fbcon: Avoid OOB font access if console rotation fails
First Time appeared
  Values Added:   Linux; Linux linux Kernel
CPEs
  Values Added:   cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products
  Values Added:   Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:01:30.640Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46191

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-28T10:16:34.740

Modified: 2026-06-11T03:10:53.920

Link: CVE-2026-46191

Redhat

Severity : Moderate

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46191 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-11T05:00:06Z

Weaknesses