CVE-2024-26798
📋 TL;DR
A memory management vulnerability in the Linux kernel's framebuffer console (fbcon) font handling can lead to a kernel panic or system crash. When fbcon_do_set_font() fails during font changes, it doesn't properly restore internal font data, causing subsequent font operations to access invalid memory. This affects Linux systems with framebuffer console enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access or reboot to restore functionality.
Likely Case
System crash or kernel panic when font operations are performed after a failed font change, resulting in denial of service.
If Mitigated
No impact if patched or if framebuffer console is disabled/unused.
🎯 Exploit Status
Syzkaller fuzzer demonstrated the crash. Exploitation requires ability to trigger font operations, typically needing local access and appropriate privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f or later
Vendor Advisory: https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable framebuffer console
linuxRemove framebuffer console usage to eliminate attack surface
Add 'console=ttyS0' or 'console=tty0' to kernel boot parameters instead of fbcon
Remove 'vga=' or 'video=' parameters from boot configuration
Restrict font operations
linuxLimit ability to change console fonts via permissions
chmod 440 /dev/tty*
Set appropriate SELinux/AppArmor policies for font operations
🧯 If You Can't Patch
- Disable framebuffer console usage in boot configuration
- Implement strict access controls to prevent unauthorized users from performing console font operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare against distribution's patched versions. Vulnerable if using kernel before fix commits.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commits. Check that framebuffer console functions properly after font changes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages related to fbcon_get_font
- Page fault errors at address fffffffffffffff8 in kernel logs
- System crash/reboot events after console operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
event_source:kernel AND (message:"BUG: unable to handle page fault" OR message:"fbcon_get_font" OR message:"#PF: supervisor read access")🔗 References
- https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f
- https://git.kernel.org/stable/c/20a4b5214f7bee13c897477168c77bbf79683c3d
- https://git.kernel.org/stable/c/2f91a96b892fab2f2543b4a55740c5bee36b1a6b
- https://git.kernel.org/stable/c/73a6bd68a1342f3a44cac9dffad81ad6a003e520
- https://git.kernel.org/stable/c/a2c881413dcc5d801bdc9535e51270cc88cb9cd8
- https://git.kernel.org/stable/c/ae68f57df3335679653868fafccd8c88ef84ae98
- https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f
- https://git.kernel.org/stable/c/20a4b5214f7bee13c897477168c77bbf79683c3d
- https://git.kernel.org/stable/c/2f91a96b892fab2f2543b4a55740c5bee36b1a6b
- https://git.kernel.org/stable/c/73a6bd68a1342f3a44cac9dffad81ad6a003e520
- https://git.kernel.org/stable/c/a2c881413dcc5d801bdc9535e51270cc88cb9cd8
