CVE-2025-40304
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip image height to screen boundary. Break from the rendering loop if the X position is off-screen. When clipping image width to fit the screen, update the character count to match the clipped width to prevent buffer size mismatches.
Without the character count update, bit_putcs_aligned and bit_putcs_unaligned receive mismatched parameters where the buffer is allocated for the clipped width but cnt reflects the original larger count, causing out-of-bounds writes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 996bfaa7372d6718b6d860bdf78f6618e850c702 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f0982400648a3e00580253e0c48e991f34d2684c | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ebc0730b490c7f27340b1222e01dd106e820320d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 86df8ade88d290725554cefd03101ecd0fbd3752 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 15ba9acafb0517f8359ca30002c189a68ddbb939 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2d1359e11674ed4274934eac8a71877ae5ae7bbb | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3637d34b35b287ab830e66048841ace404382b67 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.4.302 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.247 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.197 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.159 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.117 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.58 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.8 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/996bfaa7372d6718b6d860bdf78f6618e850c702
- https://git.kernel.org/stable/c/f0982400648a3e00580253e0c48e991f34d2684c
- https://git.kernel.org/stable/c/1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1
- https://git.kernel.org/stable/c/ebc0730b490c7f27340b1222e01dd106e820320d
- https://git.kernel.org/stable/c/86df8ade88d290725554cefd03101ecd0fbd3752
- https://git.kernel.org/stable/c/15ba9acafb0517f8359ca30002c189a68ddbb939
- https://git.kernel.org/stable/c/2d1359e11674ed4274934eac8a71877ae5ae7bbb
- https://git.kernel.org/stable/c/3637d34b35b287ab830e66048841ace404382b67
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.