CVE-2023-38409

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 17, 2023

Updated: Jul 27, 2023

Summary

CVE-2023-38409 is a vulnerability affecting the Linux kernel version prior to 6.2.12. In the file drivers/video/fbdev/core/fbcon.c, there is an issue with the 'set_con2fb_map' function. This flaw arises from the assignment of the con2fb_map only to the first virtual console (vc), resulting in the fbcon_registered_fb and fbcon_display arrays becoming desynchronized in the 'fbcon_mode_deleted' function. The desynchronization can potentially lead to security vulnerabilities or incorrect console behavior.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sByus0
https://www.cve.org/CVERecord?id=CVE-2023-38409
https://nvd.nist.gov/vuln/detail/CVE-2023-38409

Back to Vulnerability Database

CVE-2023-38409

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations