CVE-2024-50076

vt: prevent kernel-infoleak in con_font_get()

Description

In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get() font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it is safest to modify it to initialize the allocated memory space to 0, and it generally does not affect the overall performance of the system.

Category

6.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.11%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/efc67cee700b89ffbdb74a0603a083ec1290ae31
https://git.kernel.org/stable/c/dc794e878e6d79f75205be456b1042a289c5759d
https://git.kernel.org/stable/c/1e5a17dc77d8a8bbe67040b32e2ef755901aba44
https://git.kernel.org/stable/c/b3959d5eca136e0588f9af3867b34032160cb826
https://git.kernel.org/stable/c/23c4cb8a56978e5b1baa171d42e616e316c2039d
https://git.kernel.org/stable/c/dc2d5f02636c7587bdd6d1f60fc59c55860b00a4 patch
https://git.kernel.org/stable/c/adb1f312f38f0d2c928ceaff089262798cc260b4 patch
https://git.kernel.org/stable/c/f956052e00de211b5c9ebaa1958366c23f82ee9e patch

Frequently Asked Questions

What is the severity of CVE-2024-50076?
CVE-2024-50076 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50076?
To fix CVE-2024-50076, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50076 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50076 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50076?
CVE-2024-50076 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.