In Linux systems, the fbcon_rotate_font() routine incorrectly retains a too‑small font buffer when console rotation fails. A subsequent attempt to print characters with a value high enough to reference this buffer triggers an out‑of‑bounds write. Because this occurs in kernel space, the corruption can lead to a crash or to the execution of arbitrary code with kernel privileges, enabling local privilege escalation or denial of service. The flaw is a classic buffer overflow scenario represented by CWE‑122 and CWE‑787.

The affected component is the fbcon (framebuffer console) driver present in all standard Linux kernel builds that include framebuffer support. No specific kernel version numbers are supplied in the report; therefore, any kernel version that still contains the unpatched fbcon_rotate_font() implementation is vulnerable. Administrators should verify whether their installed kernel includes the commit that clears the font buffer on failure and, if not, treat the system as affected.

The exploitation surface is a local privilege escalation or crash scenario, as the fault occurs in kernel space and requires an application or script that triggers framebuffer console usage to provoke the overflow. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, yet the nature of the flaw—kernel memory corruption—implies a high risk should an attacker obtain local access or can invoke the faulty console rotation path. Prompt application of the patch is therefore advised.