CVE-2025-38312
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's framebuffer device (fbdev) core, specifically in the fbcvt function. When a certain mode's refresh rate is set to a specific large value (0x80000000), an overflow causes the refresh rate to become zero during calculation. This zero value is then used as a divisor in the fb_cvt_hperiod() function, leading to a division by zero error which causes the kernel to crash (kernel oops). The issue was fixed by adding a sanity check to prevent this overflow and division by zero.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash unexpectedly due to a division by zero error. Such kernel crashes (kernel oops) can lead to system instability, potential denial of service, and disruption of normal operations on affected systems.