CVE-2025-39967
BaseFortify
Publication date: 2025-10-15
Last updated on: 2026-02-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.9 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the Linux kernel's fbcon_do_set_font() function. It occurs when calculations for font size, based on user-controlled parameters, overflow during multiplication or addition. This causes the system to allocate less memory than needed, leading to buffer overflows when copying font data. The issue was fixed by adding explicit overflow checks to ensure safe size calculations before memory allocation.
How can this vulnerability impact me? :
The vulnerability can lead to buffer overflows in the Linux kernel when handling font data, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges if exploited.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for the integer overflow in fbcon_do_set_font(), which adds explicit overflow checking to prevent buffer overflows. Until then, avoid using untrusted user-controlled font parameters that could trigger the vulnerability.