Null Pointer Dereference in Linux Kernel's fbdev Leading to System Instability
CVE-2025-38215

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38215?

A vulnerability in the Linux kernel's framebuffer device (fbdev) module can lead to a null pointer dereference if memory allocation for fb_videomode fails during the framebuffer registration process. This error occurs when fb_add_videomode() fails to allocate necessary resources, causing subsequent code attempts to access uninitialized memory. The issue can result in a general protection fault, leading to system instability and potential crashes. Developers are advised to implement the latest fixes to prevent such vulnerabilities from being exploited.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0909b2b49c4546a7a08c80f53d93736b63270827

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3f2098f4fba7718eb2501207ca6e99d22427f25a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/0909b2b49c4546a7a08c80f53...

https://git.kernel.org/stable/c/3f2098f4fba7718eb2501207c...

https://git.kernel.org/stable/c/d803c4c2a4ac8ce2be6d899d5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025