CVE-2026-46191

NONECVSS 0.0

0.0

In the Linux kernel, the following vulnerability has been resolved:

fbcon: Avoid OOB font access if console rotation fails

Clear the font buffer if the reallocation during console rotation fails in fbcon_rotate_font(). The putcs implementations for the rotated buffer will return early in this case. See [1] for an example.

Currently, fbcon_rotate_font() keeps the old buffer, which is too small for the rotated font. Printing to the rotated console with a high-enough character code will overflow the font buffer.

v2:

fix typos in commit message

CVSS v3: —
EG Score: 0.0(none)
EPSS: 5.1%
KEV: Not listed

Published

May 28, 2026

Last Modified

May 28, 2026

References (5)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/594973a2e54924d8ba31c9faac669fc1ba6fcb80
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7105d9f1387d63b15c9a860674fc92c959181f2f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ab6c34b9829d5de03f1d08a47a2253729a6e7e27
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b44cc78ff46b96e72d333a3be6aaaa0a14797263
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e4ef723d8975a2694cc90733a6b888a5e2841842

Vendor Advisories for CVE-2026-46191(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

GHSA-8j9w-r5cf-prpv
GitHub Security Advisoriesunknown
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access...

Data Freshness Timeline

(refreshed 9× in last 7d / 9× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-05-31 22:30 UTCepss_batch
2026-05-31 22:30 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-28 10:10 UTCEG score recompute

Frequently asked(4)

What is CVE-2026-46191?

CVE-2026-46191 is a none vulnerability published on May 28, 2026. In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont(). The putcs implementations for the rotated buffer will return early in this case.…

When was CVE-2026-46191 disclosed?

CVE-2026-46191 was first published in the National Vulnerability Database on May 28, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-46191 actively exploited?

CVE-2026-46191 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 5.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

How do I remediate CVE-2026-46191?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-46191, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-46191

Explore →

Is Your Infrastructure Affected by CVE-2026-46191?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-46191

📅 Published

🔄 Last Modified

🔗 References (5)

📣 Vendor Advisories for CVE-2026-46191(1)