CVE-2025-40304
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's framebuffer device (fbdev) involves a lack of proper bounds checking in the bit_putcs function. Without these checks, when rendering text near the edges of the screen, the code can write past the allocated framebuffer boundaries, causing out-of-bounds memory writes. The fix adds bounds checking to prevent writes beyond the screen edges by returning early if the Y position is off-screen, clipping the image height to the screen boundary, breaking the rendering loop if the X position is off-screen, and updating the character count to match the clipped width to avoid buffer size mismatches.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds memory writes when rendering text near screen edges in the Linux framebuffer. Such memory corruption can cause system instability, crashes, or potentially be exploited to execute arbitrary code or escalate privileges, depending on the context and attacker capabilities.