CVE-2023-3161 — Incorrect Bitwise Shift of Integer in Kernel

CWE-1335 — Incorrect Bitwise Shift of Integer CWE-682 — Incorrect Calculation15 documents10 sources

Severity

5.5MEDIUMNVD

OSV4.7

EPSS

0.0%

top 97.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedJun 12

Latest updateFeb 14

Description

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel< 6.2+1

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-243.277

▶Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 8.0, 9.0, Fedora 38

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2023-07-27

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2023-07-26

▶

OSV

linux-xilinx-zynqmp vulnerabilities↗2023-07-12

▶

OSV

CVE-2023-3161: A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel↗2023-06-12

▶

CVEList

CVE-2023-3161: A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel↗2023-06-12

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel (IoT) vulnerabilities↗2023-07-27

▶

Ubuntu

Linux kernel vulnerabilities↗2023-07-26

▶

Ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities↗2023-07-12

▶

Microsoft

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font since there are no checks in place a shift-out-of↗2023-06-13

▶

💬Community

Bugzilla

CVE-2023-3161 kernel: fbcon: shift-out-of-bounds in fbcon_set_font()↗2023-06-08

▶