--- /dev/null
+From f956052e00de211b5c9ebaa1958366c23f82ee9e Mon Sep 17 00:00:00 2001
+From: Jeongjun Park <aha310510@gmail.com>
+Date: Fri, 11 Oct 2024 02:46:19 +0900
+Subject: vt: prevent kernel-infoleak in con_font_get()
+
+From: Jeongjun Park <aha310510@gmail.com>
+
+commit f956052e00de211b5c9ebaa1958366c23f82ee9e upstream.
+
+font.data may not initialize all memory spaces depending on the implementation
+of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it
+is safest to modify it to initialize the allocated memory space to 0, and it
+generally does not affect the overall performance of the system.
+
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+955da2d57931604ee691@syzkaller.appspotmail.com
+Fixes: 05e2600cb0a4 ("VT: Bump font size limitation to 64x128 pixels")
+Signed-off-by: Jeongjun Park <aha310510@gmail.com>
+Link: https://lore.kernel.org/r/20241010174619.59662-1-aha310510@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/vt/vt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -4519,7 +4519,7 @@ static int con_font_get(struct vc_data *
+ int c;
+
+ if (op->data) {
+- font.data = kmalloc(max_font_size, GFP_KERNEL);
++ font.data = kzalloc(max_font_size, GFP_KERNEL);
+ if (!font.data)
+ return -ENOMEM;
+ } else
projects / thirdparty / kernel / stable-queue.git / commitdiff
