SB2025120879 - Out-of-bounds read in Linux kernel fbdev core driver
Published: December 8, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-40304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the bit_putcs() function in drivers/video/fbdev/core/bitblit.c, which a local user can trigger to cause the denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/15ba9acafb0517f8359ca30002c189a68ddbb939
- https://git.kernel.org/stable/c/1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1
- https://git.kernel.org/stable/c/2d1359e11674ed4274934eac8a71877ae5ae7bbb
- https://git.kernel.org/stable/c/3637d34b35b287ab830e66048841ace404382b67
- https://git.kernel.org/stable/c/86df8ade88d290725554cefd03101ecd0fbd3752
- https://git.kernel.org/stable/c/996bfaa7372d6718b6d860bdf78f6618e850c702
- https://git.kernel.org/stable/c/ebc0730b490c7f27340b1222e01dd106e820320d
- https://git.kernel.org/stable/c/f0982400648a3e00580253e0c48e991f34d2684c