CVE-2025-38702

Summary

In the Linux kernel, the following vulnerability has been resolved:

fbdev: fix potential buffer overflow in do_register_framebuffer()

The current implementation may lead to buffer overflow when:

  1. Unregistration creates NULL gaps in registered_fb[]
  2. All array slots become occupied despite num_registered_fb < FB_MAX
  3. The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5c3f5a25c62230b7965804ce7a2e9305c3ca3961affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cbe740de32bb0fb7a5213731ff5f26ea6718fca3affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 806f85bdd3a60187c21437fc51baace11f659f35affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2828a433c7d7a05b6f27c8148502095101dd0b09affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 523b84dc7ccea9c4d79126d6ed1cf9033cf83b05affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux6.1.149 <= 6.1.*unaffected
LinuxLinux6.6.103 <= 6.6.*unaffected
LinuxLinux6.12.43 <= 6.12.*unaffected
LinuxLinux6.15.11 <= 6.15.*unaffected
LinuxLinux6.16.2 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References