CVE-2022-49948

vt: Clear selection before changing the font

Description

In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize(). Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are called.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c555cf04684fde39b5b0dd9fd80730030ee10c4a
https://git.kernel.org/stable/c/e9ba4611ddf676194385506222cce7b0844e708e
https://git.kernel.org/stable/c/f74b4a41c5d7c9522469917e3072e55d435efd9e
https://git.kernel.org/stable/c/1cf1930369c9dc428d827b60260c53271bff3285
https://git.kernel.org/stable/c/989201bb8c00b222235aff04e6200230d29dc7bb
https://git.kernel.org/stable/c/2535431ae967ad17585513649625fea7db28d4db
https://git.kernel.org/stable/c/c904fe03c4bd1f356a58797d39e2a5d0ca15cefc
https://git.kernel.org/stable/c/566f9c9f89337792070b5a6062dff448b3e7977f

Frequently Asked Questions

What is the severity of CVE-2022-49948?
CVE-2022-49948 has not yet been assigned a CVSS score.
How to fix CVE-2022-49948?
To fix CVE-2022-49948, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49948 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49948 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49948?
CVE-2022-49948 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.