CVE-2025-38702
HIGHLinux Kernel - Out-of-bounds Write in Framebuffer Registration
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.
References (9)
Core 9
Core References
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Scores
CVSS v3
7.8
EPSS
0.0002
EPSS Percentile
4.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (22)
debian/debian_linux
11.0
linux/Kernel
2.6.12 - 6.1.149linux
linux/Kernel
6.13.0 - 6.15.11linux
linux/Kernel
6.16.0 - 6.16.2linux
linux/Kernel
6.2.0 - 6.6.103linux
linux/Kernel
6.7.0 - 6.12.43linux
Linux/Linux
< 2.6.12
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 2828a433c7d7a05b6f27c8148502095101dd0b09
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 523b84dc7ccea9c4d79126d6ed1cf9033cf83b05
... and 12 more
Published
Sep 04, 2025
Tracked Since
Feb 18, 2026