HomeFreeBSD

MFC r331981:

Description

MFC r331981:

Limit glyph count in vtfont_load to avoid integer overflow.

Invalid font data passed to PIO_VFONT can result in an integer overflow
in glyphsize. Characters may then be drawn on the console using glyph
map entries that point beyond the end of allocated glyph memory,
resulting in a kernel memory disclosure.

Submitted by: emaste
Reported by: Dr. Silvio Cesare of InfoSect
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation

Details

Committed
gordonApr 4 2018, 5:26 AM
Parents
rS331982: MFC r331981:
Branches
Unknown
Tags
Unknown