SB2025090475 - Out-of-bounds read in Linux kernel fbdev core driver
Published: September 4, 2025
Security Bulletin ID
SB2025090475
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-38685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the con2fb_init_display() and fbcon_set_disp() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/078e62bffca4b7e72e8f3550eb063ab981c36c7a
- https://git.kernel.org/stable/c/27b118aebdd84161c8ff5ce49d9d536f2af10754
- https://git.kernel.org/stable/c/4c4d7ddaf1d43780b106bedc692679f965dc5a3a
- https://git.kernel.org/stable/c/56701bf9eeb63219e378cb7fcbd066ea4eaeeb50
- https://git.kernel.org/stable/c/af0db3c1f898144846d4c172531a199bb3ca375d
- https://git.kernel.org/stable/c/cfec17721265e72e50cc69c6004fe3475cd38df2
- https://git.kernel.org/stable/c/ed9b8e5016230868c8d813d9179523f729fec8c6