In the Linux kernel, the following vulnerability has been resolved:
fbcon: Avoid OOB font access if console rotation fails
Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont(). The putcs implementations for the rotated buffer will return early in this case. See [1] for an example.
Currently, fbconrotatefont() keeps the old buffer, which is too small for the rotated font. Printing to the rotated console with a high-enough character code will overflow the font buffer.
v2: - fix typos in commit message
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46191.json",
"cna_assigner": "Linux"
}