CVE-2025-38198
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-04

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fb_info *[32]' ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673 store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113 dev_attr_store+0x55/0x80 drivers/base/core.c:2439 static struct fb_info *fbcon_registered_fb[FB_MAX]; ... static signed char con2fb_map[MAX_NR_CONSOLES]; ... static struct fb_info *fbcon_info_from_console(int console) ... return fbcon_registered_fb[con2fb_map[console]]; If con2fb_map contains a -1 things go wrong here. Instead, return NULL, as callers of fbcon_info_from_console() are trying to compare against existing "info" pointers, so error handling should kick in correctly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-04
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-07-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38198
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.95 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.35 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.4 (exc)
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's framebuffer console (fbcon) occurs when attempting to write to the 'store_modes' sysfs node for an unregistered console. Specifically, an array index out-of-bounds error happens because the con2fb_map array can contain a -1 value, which is used as an index into the fbcon_registered_fb array. This leads to accessing invalid memory. The fix involves returning NULL when con2fb_map contains -1, allowing proper error handling instead of causing an out-of-bounds access.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to access invalid memory due to an out-of-bounds array index, potentially leading to kernel crashes or instability. This could affect system reliability and availability, possibly causing denial of service conditions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart