CVE-2025-38702

high

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.

References

https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3

https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35

https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961

https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05

https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09

https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399

Details

Source: Mitre, NVD

Published: 2025-09-04

Updated: 2025-09-05

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0003