Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2024-26798: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

SUSE: CVE-2024-26798: SUSE Linux Security Advisory

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/04/2024
Created
05/06/2024
Added
05/06/2024
Modified
05/16/2024

Description

In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes when vc_resize() failed) started restoring old font data upon failure (of vc_resize()). But it performs so only for user fonts. It means that the "system"/internal fonts are not restored at all. So in result, the very first call to fbcon_do_set_font() performs no restore at all upon failing vc_resize(). This can be reproduced by Syzkaller to crash the system on the next invocation of font_get(). It's rather hard to hit the allocation failure in vc_resize() on the first font_set(), but not impossible. Esp. if fault injection is used to aid the execution/failure. It was demonstrated by Sirius: BUG: unable to handle page fault for address: fffffffffffffff8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD cb7b067 P4D cb7b067 PUD cb7d067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8007 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:fbcon_get_font+0x229/0x800 drivers/video/fbdev/core/fbcon.c:2286 Call Trace: <TASK> con_font_get drivers/tty/vt/vt.c:4558 [inline] con_font_op+0x1fc/0xf20 drivers/tty/vt/vt.c:4673 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline] vt_ioctl+0x632/0x2ec0 drivers/tty/vt/vt_ioctl.c:752 tty_ioctl+0x6f8/0x1570 drivers/tty/tty_io.c:2803 vfs_ioctl fs/ioctl.c:51 [inline] ... So restore the font data in any case, not only for user fonts. Note the later 'if' is now protected by 'old_userfont' and not 'old_data' as the latter is always set now. (And it is supposed to be non-NULL. Otherwise we would see the bug above again.)

Solution(s)

  • suse-upgrade-cluster-md-kmp-64kb
  • suse-upgrade-cluster-md-kmp-azure
  • suse-upgrade-cluster-md-kmp-default
  • suse-upgrade-cluster-md-kmp-rt
  • suse-upgrade-dlm-kmp-64kb
  • suse-upgrade-dlm-kmp-azure
  • suse-upgrade-dlm-kmp-default
  • suse-upgrade-dlm-kmp-rt
  • suse-upgrade-dtb-allwinner
  • suse-upgrade-dtb-altera
  • suse-upgrade-dtb-amazon
  • suse-upgrade-dtb-amd
  • suse-upgrade-dtb-amlogic
  • suse-upgrade-dtb-apm
  • suse-upgrade-dtb-apple
  • suse-upgrade-dtb-arm
  • suse-upgrade-dtb-broadcom
  • suse-upgrade-dtb-cavium
  • suse-upgrade-dtb-exynos
  • suse-upgrade-dtb-freescale
  • suse-upgrade-dtb-hisilicon
  • suse-upgrade-dtb-lg
  • suse-upgrade-dtb-marvell
  • suse-upgrade-dtb-mediatek
  • suse-upgrade-dtb-nvidia
  • suse-upgrade-dtb-qcom
  • suse-upgrade-dtb-renesas
  • suse-upgrade-dtb-rockchip
  • suse-upgrade-dtb-socionext
  • suse-upgrade-dtb-sprd
  • suse-upgrade-dtb-xilinx
  • suse-upgrade-gfs2-kmp-64kb
  • suse-upgrade-gfs2-kmp-azure
  • suse-upgrade-gfs2-kmp-default
  • suse-upgrade-gfs2-kmp-rt
  • suse-upgrade-kernel-64kb
  • suse-upgrade-kernel-64kb-devel
  • suse-upgrade-kernel-64kb-extra
  • suse-upgrade-kernel-64kb-livepatch-devel
  • suse-upgrade-kernel-64kb-optional
  • suse-upgrade-kernel-azure
  • suse-upgrade-kernel-azure-devel
  • suse-upgrade-kernel-azure-extra
  • suse-upgrade-kernel-azure-livepatch-devel
  • suse-upgrade-kernel-azure-optional
  • suse-upgrade-kernel-azure-vdso
  • suse-upgrade-kernel-debug
  • suse-upgrade-kernel-debug-devel
  • suse-upgrade-kernel-debug-livepatch-devel
  • suse-upgrade-kernel-debug-vdso
  • suse-upgrade-kernel-default
  • suse-upgrade-kernel-default-base
  • suse-upgrade-kernel-default-base-rebuild
  • suse-upgrade-kernel-default-devel
  • suse-upgrade-kernel-default-extra
  • suse-upgrade-kernel-default-livepatch
  • suse-upgrade-kernel-default-livepatch-devel
  • suse-upgrade-kernel-default-optional
  • suse-upgrade-kernel-default-vdso
  • suse-upgrade-kernel-devel
  • suse-upgrade-kernel-devel-azure
  • suse-upgrade-kernel-devel-rt
  • suse-upgrade-kernel-docs
  • suse-upgrade-kernel-docs-html
  • suse-upgrade-kernel-kvmsmall
  • suse-upgrade-kernel-kvmsmall-devel
  • suse-upgrade-kernel-kvmsmall-livepatch-devel
  • suse-upgrade-kernel-kvmsmall-vdso
  • suse-upgrade-kernel-macros
  • suse-upgrade-kernel-obs-build
  • suse-upgrade-kernel-obs-qa
  • suse-upgrade-kernel-rt
  • suse-upgrade-kernel-rt-devel
  • suse-upgrade-kernel-rt-extra
  • suse-upgrade-kernel-rt-livepatch
  • suse-upgrade-kernel-rt-livepatch-devel
  • suse-upgrade-kernel-rt-optional
  • suse-upgrade-kernel-rt-vdso
  • suse-upgrade-kernel-rt_debug
  • suse-upgrade-kernel-rt_debug-devel
  • suse-upgrade-kernel-rt_debug-livepatch-devel
  • suse-upgrade-kernel-rt_debug-vdso
  • suse-upgrade-kernel-source
  • suse-upgrade-kernel-source-azure
  • suse-upgrade-kernel-source-rt
  • suse-upgrade-kernel-source-vanilla
  • suse-upgrade-kernel-syms
  • suse-upgrade-kernel-syms-azure
  • suse-upgrade-kernel-syms-rt
  • suse-upgrade-kernel-zfcpdump
  • suse-upgrade-kselftests-kmp-64kb
  • suse-upgrade-kselftests-kmp-azure
  • suse-upgrade-kselftests-kmp-default
  • suse-upgrade-kselftests-kmp-rt
  • suse-upgrade-ocfs2-kmp-64kb
  • suse-upgrade-ocfs2-kmp-azure
  • suse-upgrade-ocfs2-kmp-default
  • suse-upgrade-ocfs2-kmp-rt
  • suse-upgrade-reiserfs-kmp-64kb
  • suse-upgrade-reiserfs-kmp-azure
  • suse-upgrade-reiserfs-kmp-default
  • suse-upgrade-reiserfs-kmp-rt

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;