Memory Management Vulnerability in Linux Kernel fbdev Affects Multiple Distributions
CVE-2025-38214

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 July 2025

What is CVE-2025-38214?

A memory management vulnerability in the Linux kernel's fbdev subsystem can lead to a null pointer dereference during framebuffer mode setting. When fb_set_var attempts to add a videomode and the memory allocation fails, it does not revert fb_info->var to its previous state. As a result, subsequent calls to fb_videomode_to_var may fail, causing critical system stability issues. Proper error handling requires that fb_set_var restore the original fb_info->var whenever it encounters a failure.
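
The rollback described above, as an added example that is not the kernel's code or the upstream fix: a userspace C model in which the struct layouts, add_mode, match_mode, set_var_unsafe, set_var_safe and the fail_alloc hook are all hypothetical stand-ins. It assumes later code looks up a registered mode for the current var and receives NULL when none matches.

```c
#include <stdlib.h>

/* Userspace model only: types and names are hypothetical stand-ins,
 * not the kernel's definitions. */
struct var { unsigned xres, yres; };
struct info {
    struct var  var;        /* current settings, models fb_info->var */
    struct var *modes;      /* registered modes, models the mode list */
    size_t      nmodes;
    int         fail_alloc; /* constructed hook: force allocation failure */
};

static int add_mode(struct info *fi, const struct var *v)
{
    struct var *m;
    if (fi->fail_alloc)
        return -1;
    m = realloc(fi->modes, (fi->nmodes + 1) * sizeof(*m));
    if (!m)
        return -1;
    m[fi->nmodes] = *v;
    fi->modes = m;
    fi->nmodes++;
    return 0;
}

/* Lookup that later code relies on; NULL means "no mode for current var". */
const struct var *match_mode(const struct info *fi)
{
    for (size_t i = 0; i < fi->nmodes; i++)
        if (fi->modes[i].xres == fi->var.xres &&
            fi->modes[i].yres == fi->var.yres)
            return &fi->modes[i];
    return NULL;
}

/* Before: var is overwritten and stays overwritten when add_mode fails. */
int set_var_unsafe(struct info *fi, const struct var *v)
{
    fi->var = *v;
    return add_mode(fi, v);
}

/* After: the previous var is restored on failure. */
int set_var_safe(struct info *fi, const struct var *v)
{
    struct var old = fi->var;
    int ret = (fi->var = *v, add_mode(fi, v));
    if (ret)
        fi->var = old;
    return ret;
}
```

With allocation forced to fail, set_var_unsafe leaves a var for which match_mode returns NULL, while set_var_safe leaves the previous, still-registered var in place.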

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1a10d91766eb6ddfd5414e4785611e33a4fe0f9b

Timeline

  • Vulnerability published

  • Vulnerability Reserved
