CVE-2025-38685
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and updates the screen if console is visible. As part of mapping it has to do resize of console according to frame buffer info. if this resize fails and returns from vc_do_resize() and continues further. At this point console and new frame buffer are mapped and sets display vars. Despite failure still it continue to proceed updating the screen at later stages where vc_data is related to previous frame buffer and frame buffer info and display vars are mapped to new frame buffer and eventully leading to out-of-bounds write in fast_imageblit(). This bheviour is excepted only when fg_console is equal to requested console which is a visible console and updates screen with invalid struct references in fbcon_putcs().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-09-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38685
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's framebuffer device (fbdev) subsystem during the FBIOPUT_CON2FBMAP ioctl call, which maps a console to a framebuffer and updates the screen if the console is visible. If resizing the console to match the framebuffer info fails, the code incorrectly continues execution, resulting in a mismatch where the console and framebuffer are mapped but display variables are inconsistent. This leads to an out-of-bounds write in the fast_imageblit() function, caused by invalid struct references when updating the screen, potentially corrupting memory.


How can this vulnerability impact me? :

This vulnerability can lead to out-of-bounds memory writes in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges if exploited. This can compromise system security and reliability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart