Null Pointer Dereference Vulnerability in Linux Kernel's Framebuffer Driver
CVE-2025-38630
Currently unrated
What is CVE-2025-38630?
A vulnerability in the Linux kernel's framebuffer driver can lead to a null pointer dereference. The function fb_add_videomode() can return -ENOMEM if memory allocation fails, which leaves the modelist empty while the driver continues its registration process. The fix checks the return value of fb_add_videomode() to prevent the potential null pointer dereference, mirroring corrections made in previous commits to enhance the driver's stability.
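The pattern described above, as an added user-space model in C; it is not the kernel's code or the fix commit. All names (`model_add_videomode`, `probe_unchecked`, `probe_checked`, `first_mode_xres`, `fail_alloc`) are hypothetical, and the allocation failure is injected with a constructed flag.

```c
#include <errno.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct mode { int xres, yres; struct mode *next; };
struct fb { struct mode *modelist; int registered; };

static int fail_alloc; /* constructed fault injection: force the ENOMEM path */

/* Models fb_add_videomode(): on allocation failure the list is left empty. */
static int model_add_videomode(struct fb *fb, int xres, int yres)
{
    struct mode *m = fail_alloc ? NULL : malloc(sizeof(*m));
    if (!m)
        return -ENOMEM;
    m->xres = xres;
    m->yres = yres;
    m->next = fb->modelist;
    fb->modelist = m;
    return 0;
}

/* Pre-fix pattern: return value ignored, registration continues. */
static int probe_unchecked(struct fb *fb)
{
    model_add_videomode(fb, 640, 480);
    fb->registered = 1;
    return 0;
}

/* Fixed pattern: propagate the error so the device never registers. */
static int probe_checked(struct fb *fb)
{
    int ret = model_add_videomode(fb, 640, 480);
    if (ret)
        return ret;
    fb->registered = 1;
    return 0;
}

/* Later consumer; -EFAULT marks where real code would dereference NULL. */
static int first_mode_xres(const struct fb *fb)
{
    if (!fb->registered)
        return -ENODEV;
    return fb->modelist ? fb->modelist->xres : -EFAULT;
}
```

With `fail_alloc` set, `probe_unchecked()` reports success on a device whose modelist is empty, while `probe_checked()` returns -ENOMEM and the device is never marked registered.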
Affected Version(s)
Linux 1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c
Linux 1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c < 4b5d36cc3014986e6fac12eaa8433fe56801d4ce
Linux 1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c < 40f0a51f6c54d46a94b9f1180339ede7ca7ee190