CVE-2023-3161

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	6.2 (excluding)
Linux_kernel	Linux	6.2-rc1 (including)	6.2-rc1 (including)
Linux_kernel	Linux	6.2-rc2 (including)	6.2-rc2 (including)
Linux_kernel	Linux	6.2-rc3 (including)	6.2-rc3 (including)
Linux_kernel	Linux	6.2-rc4 (including)	6.2-rc4 (including)
Linux_kernel	Linux	6.2-rc5 (including)	6.2-rc5 (including)
Linux_kernel	Linux	6.2-rc6 (including)	6.2-rc6 (including)

Potential Mitigations

Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-3161
CWE	https://cwe.mitre.org/data/definitions/682.html

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

References

CVE-2023-3161

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References