Login Sign Up

CVE-2022-49948

7.1 HIGH
Denial of Service

📋 TL;DR

A Linux kernel vulnerability in the virtual terminal subsystem allows out-of-bounds memory access when changing console fonts. Attackers could potentially read or write kernel memory, leading to information disclosure or system crashes. This affects Linux systems with console access, particularly multi-user systems or those with physical access.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not specified in CVE, but patches exist in stable kernel trees
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires console access and ability to change fonts via KDFONTOP ioctl. Virtual terminals must be in use.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to privilege escalation, system crash, or information disclosure of sensitive kernel data.

🟠

Likely Case

System crash or denial of service due to invalid memory access, potentially causing kernel panic.

🟢

If Mitigated

Limited impact if console access is restricted and users cannot change fonts via KDFONTOP ioctl.

🌐 Internet-Facing: LOW - Requires local console access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires local access or ability to execute commands with console privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to manipulate console font settings. Not trivial to weaponize for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel releases via commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/1cf1930369c9dc428d827b60260c53271bff3285

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Restrict console font changes

linux

Prevent users from changing console fonts via KDFONTOP ioctl

echo 'kernel.vt.allow_font_op = 0' >> /etc/sysctl.conf
sysctl -p

Disable virtual terminals

linux

Remove virtual terminal access for non-privileged users

chmod 620 /dev/tty*
setfacl -m u:root:rw /dev/tty*

🧯 If You Can't Patch

  • Restrict physical and console access to trusted users only
  • Implement strict access controls on /dev/tty devices and disable font operations via sysctl

🔍 How to Verify

Check if Vulnerable:

Check kernel version against distribution security advisories. Vulnerable if using unpatched kernel with console access enabled.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched release from vendor. Check that /proc/sys/kernel/vt/allow_font_op is 0 if workaround applied.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM (out of memory) errors in dmesg
  • Failed KDFONTOP ioctl attempts in audit logs

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="console"

📊 Metadata

CVE ID: CVE-2022-49948
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
EPSS Score: 0.01% exploit probability (0.8th percentile)
Published: June 18, 2025
Last Updated: November 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49948, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)