Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.12.1, < 6.1.149 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399Patch
- https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09Patch
- https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05Patch
- https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961Patch
- https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35Patch
- https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3Patch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlThird Party Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
FAQ
What is CVE-2025-38702?
CVE-2025-38702 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. ...
How severe is CVE-2025-38702?
CVE-2025-38702 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38702?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.