CVE-2025-40322
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: bitblit: bound-check glyph index in bit_putcs*
bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address.
This fixes a global out-of-bounds read reported by syzbot.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a10cede006f9614b465cf25609a8753efbfd45cc | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0998a6cb232674408a03e8561dc15aa266b2f53b | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < db5c9a162d2f42bcc842b76b3d935dcc050a0eec | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < c12003bf91fdff381c55ef54fef3e961a5af2545 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ba1a7802ca9a2590cef95b253e6526f4364477f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 901f44227072be60812fe8083e83e1533c04eed1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < efaf89a75a29b2d179bf4fe63ca62852e93ad620 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 18c4ef4e765a798b47980555ed665d78b71aeadf | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.4.302 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.247 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.197 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.159 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.117 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.58 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.8 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/a10cede006f9614b465cf25609a8753efbfd45cc
- https://git.kernel.org/stable/c/0998a6cb232674408a03e8561dc15aa266b2f53b
- https://git.kernel.org/stable/c/db5c9a162d2f42bcc842b76b3d935dcc050a0eec
- https://git.kernel.org/stable/c/c12003bf91fdff381c55ef54fef3e961a5af2545
- https://git.kernel.org/stable/c/9ba1a7802ca9a2590cef95b253e6526f4364477f
- https://git.kernel.org/stable/c/901f44227072be60812fe8083e83e1533c04eed1
- https://git.kernel.org/stable/c/efaf89a75a29b2d179bf4fe63ca62852e93ad620
- https://git.kernel.org/stable/c/18c4ef4e765a798b47980555ed665d78b71aeadf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.