PatchSiren


CVE-2026-46191 Linux CVE debrief

A vulnerability in the Linux kernel's framebuffer console (fbcon) subsystem can lead to out-of-bounds (OOB) memory access when the buffer holding the rotated console font cannot be reallocated. fbcon_rotate_font() previously kept the old, undersized font buffer when reallocation for rotated console output failed. Subsequent character output with sufficiently high character codes then accessed memory past the end of that buffer. The fix clears the font buffer on reallocation failure, so the putcs implementations return early instead of touching invalid memory. The issue is reachable only through the local console, and only where framebuffer console rotation is in use.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Linux system administrators running servers or workstations with a framebuffer console; embedded systems that use fbcon for display output; security teams tracking kernel memory-safety bugs reachable from local console access

Technical summary

fbcon_rotate_font() in the Linux kernel's framebuffer console driver did not handle a failed memory reallocation correctly. When a larger buffer for rotated console output was needed but the allocation failed, the function returned while still holding the old buffer, which was too small for the new rotated output. Subsequent character output (putcs) with high character codes then indexed past the end of that buffer. The fix frees and clears the font buffer pointer on reallocation failure, so the putcs implementations see a null buffer and return early without touching memory.
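The failure path described above, modelled as an added C example (this is not the kernel's code and not code from this page): a reduced rotate_font() with both the unpatched and the patched handling of a failed allocation, and a putcs() that reports whether the glyph lookup would land outside the buffer instead of performing it. The struct layout, the font_alloc() failure hook, the 256/512-glyph font sizes and the patched variant resetting fd_size to 0 are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Minimal model (example-only, not the kernel's struct) of the fbcon state
 * the page describes: a rotated font buffer plus its bookkeeping.
 */
struct font_state {
	uint8_t *fontbuffer;  /* rotated glyph bitmaps, NULL when none */
	size_t   fd_size;     /* bytes currently allocated for fontbuffer */
	size_t   cellsize;    /* bytes per rotated glyph */
	size_t   charcount;   /* glyphs in the font currently selected */
};

/* Allocation hook (example-only) so a caller can force the failure path. */
static int fail_next_alloc;
static uint8_t *font_alloc(size_t n)
{
	if (fail_next_alloc) {
		fail_next_alloc = 0;
		return NULL;
	}
	return malloc(n);
}

/*
 * Rotate a new font into st->fontbuffer. With fixed == 0 the failure path
 * behaves as the page describes for the unpatched code: the old, undersized
 * buffer is kept. With fixed == 1 the buffer is freed and cleared, as the
 * fix does. Returns 0 on success, -1 on allocation failure.
 */
static int rotate_font(struct font_state *st, size_t charcount,
		       size_t cellsize, int fixed)
{
	size_t need = charcount * cellsize;

	/* The new font is recorded before the buffer is grown. */
	st->charcount = charcount;
	st->cellsize = cellsize;

	if (st->fd_size < need) {
		uint8_t *dst = font_alloc(need);

		if (dst == NULL) {
			if (fixed) {
				free(st->fontbuffer);
				st->fontbuffer = NULL;
				st->fd_size = 0;   /* assumption: size reset with the pointer */
			}
			return -1;
		}
		free(st->fontbuffer);
		st->fontbuffer = dst;
		st->fd_size = need;
	}
	/* Stand-in for copying the rotated glyphs into the buffer. */
	memset(st->fontbuffer, 0xAA, need);
	return 0;
}

enum putcs_result { PUTCS_EARLY_RETURN = -1, PUTCS_OOB = 0, PUTCS_OK = 1 };

/*
 * Model of a rotated putcs looking up glyph `c`. Instead of dereferencing
 * past the buffer it reports whether the access would be out of bounds.
 */
static enum putcs_result putcs(const struct font_state *st, unsigned c)
{
	size_t off = (size_t)c * st->cellsize;

	if (st->fontbuffer == NULL)
		return PUTCS_EARLY_RETURN;  /* the bail-out the fix relies on */
	if (off + st->cellsize > st->fd_size)
		return PUTCS_OOB;           /* unpatched code would access here */
	(void)st->fontbuffer[off];          /* in-bounds glyph read */
	return PUTCS_OK;
}

/*
 * The page's scenario: a 256-glyph font is rotated successfully, then a
 * 512-glyph font is selected while the larger allocation fails, and a
 * character code from the new font is printed.
 */
static enum putcs_result scenario(int fixed, unsigned code)
{
	struct font_state st = { 0 };
	enum putcs_result r;

	if (rotate_font(&st, 256, 16, fixed) != 0)
		abort();                    /* first allocation is not forced to fail */
	fail_next_alloc = 1;
	(void)rotate_font(&st, 512, 16, fixed); /* fails in both variants */
	r = putcs(&st, code);
	free(st.fontbuffer);
	return r;
}

int main(void)
{
	printf("unpatched, code 10:  %d\n", scenario(0, 10));
	printf("unpatched, code 500: %d\n", scenario(0, 500));
	printf("patched,   code 500: %d\n", scenario(1, 500));
	return 0;
}
```

The low character code still succeeds on the unpatched path because it falls inside the old 4096-byte buffer; only codes whose glyph offset exceeds that size trip the out-of-bounds case, which is why the page ties the bug to "sufficiently high character codes".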

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates that carry the fbcon fix for the affected stable branches as they become available through distribution channels
  • Identify systems that use framebuffer console rotation: check for an fbcon=rotate:<n> kernel parameter and read /sys/class/graphics/fbcon/rotate (a value of 0 means the console is not rotated)
  • Track the kernel stable tree for the backport that matches each deployed kernel version
  • Where rotation is not required, disable it (rotate:0) as an interim risk reduction until the fixed kernel is installed

Evidence notes

The vulnerability description and resolution are sourced from the official CVE record published 2026-05-28. The fix involves clearing the font buffer in fbcon_rotate_font() when reallocation fails, preventing subsequent OOB access during character output. Multiple stable kernel branch commits are referenced, indicating backports to maintained kernel versions.

Official resources

2026-05-28