CVE-2024-50076: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50076 is a vulnerability discovered in the Linux kernel's virtual terminal (VT) subsystem, specifically in the confontget() function. The vulnerability was disclosed on October 28, 2024, and affects Linux kernel versions from 6.3 up to versions before 6.6.58, and from 6.7 up to versions before 6.11.5. The issue stems from uninitialized memory spaces in the font data handling mechanism (NVD).

The vulnerability occurs in the confontget() function where font.data memory spaces may not be properly initialized, depending on the implementation of vc->vcsw->confont_get. The issue was traced back to the commit that bumped font size limitation to 64x128 pixels. The CVSS v3.1 base score is 6.5 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability can lead to information leakage from kernel memory, potentially exposing sensitive data. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (NVD).

The vulnerability has been patched by modifying the code to initialize the allocated memory space to zero using kzalloc/kvzalloc instead of kmalloc/kvmalloc. This fix has been implemented without significant impact on system performance (Kernel Patch).