Out-of-Bounds Read Vulnerability in Linux Kernel fbdev Component
CVE-2025-40322

Currently unrated

Key Information:

Vendor: Linux

Status: Vendor

CVE Published: 8 December 2025

What is CVE-2025-40322?

A vulnerability in the fbdev console code of the Linux kernel (the bitblit path in drivers/video/fbdev/core/bitblit.c used by fbcon) can lead to an out-of-bounds read. In bit_putcs_aligned() and bit_putcs_unaligned(), the pointer to a glyph's bitmap is derived from the on-screen character value masked with 0xff (or 0x1ff when the console is using a 512-glyph font) and multiplied by the glyph cell size. The mask only bounds the index to the largest font the console can address, not to the font actually loaded: if the current font has fewer glyphs than the mask allows, a character value at or above the glyph count produces an address past the end of the font's data, and the glyph is read from whatever memory follows that allocation. The fix clamps the index to the font's actual glyph count before any address computation is performed, so the read can no longer leave the font array. Because the out-of-range bytes are consumed as glyph bitmap data, the consequence is a read of adjacent kernel memory (an information leak) rather than memory corruption.
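To make the failure mode concrete, the following is an added, stand-alone illustration written for this page; it is not the kernel's code and not the fix commit. It models a console font with a small stand-in struct (the field names width, height, charcount and data are assumptions chosen to mirror the kernel's console font fields), derives the glyph index the pre-fix way (mask only) and the post-fix way (mask, then clamp to the glyph count), and reports the byte offset each index would reach. The 8x16, 128-glyph sample font is constructed data; which glyph the clamp substitutes (the last one) is also an assumption, since the point is only that the offset stays inside the bitmap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the console font state; not the kernel's struct, but the
 * same facts matter: cell geometry, glyph count and the glyph bitmap. */
struct font {
    unsigned int width;
    unsigned int height;
    unsigned int charcount;  /* glyphs actually present in data[] */
    const uint8_t *data;     /* charcount * cellsize bytes */
};

/* Bytes per glyph cell: each row of `width` pixels is padded to whole bytes. */
static size_t cellsize(const struct font *f)
{
    return (size_t)f->height * ((f->width + 7) / 8);
}

/* Modelled on fbcon: a 9-bit mask for 512-glyph fonts, an 8-bit mask otherwise. */
static unsigned int charmask(const struct font *f)
{
    return f->charcount > 256 ? 0x1ff : 0xff;
}

/* Byte offset of glyph `idx` from the start of the bitmap. */
static size_t glyph_byte_offset(const struct font *f, unsigned int idx)
{
    return (size_t)idx * cellsize(f);
}

/* 1 if the cell at `idx` lies entirely inside the bitmap, else 0. */
static int glyph_in_bounds(const struct font *f, unsigned int idx)
{
    return idx < f->charcount;
}

/* Pre-fix derivation: only the mask limits the index. A font with fewer
 * glyphs than the mask allows lets the index run past the bitmap. */
static unsigned int glyph_index_unchecked(const struct font *f, uint16_t c)
{
    return c & charmask(f);
}

/* Post-fix derivation: clamp to the glyph count before any address is
 * computed. Substituting the last glyph is an assumption made here. */
static unsigned int glyph_index_clamped(const struct font *f, uint16_t c)
{
    unsigned int idx = c & charmask(f);

    if (idx >= f->charcount)
        idx = f->charcount - 1;
    return idx;
}

/* Constructed sample: an 8x16 font carrying only 128 glyphs (2048 bytes),
 * i.e. a font smaller than the 0xff mask can address. */
static uint8_t sample_bitmap[128 * 16];
static const struct font sample_font = { 8, 16, 128, sample_bitmap };

int main(void)
{
    uint16_t c = 0x00C1;  /* a character value above the font's 128 glyphs */
    unsigned int bad = glyph_index_unchecked(&sample_font, c);
    unsigned int ok = glyph_index_clamped(&sample_font, c);

    printf("bitmap size   : %zu bytes\n",
           (size_t)sample_font.charcount * cellsize(&sample_font));
    printf("unchecked idx : %u -> offset %zu (%s)\n", bad,
           glyph_byte_offset(&sample_font, bad),
           glyph_in_bounds(&sample_font, bad) ? "in bounds" : "OUT OF BOUNDS");
    printf("clamped idx   : %u -> offset %zu (%s)\n", ok,
           glyph_byte_offset(&sample_font, ok),
           glyph_in_bounds(&sample_font, ok) ? "in bounds" : "OUT OF BOUNDS");
    return 0;
}
```

With the sample font, character 0xC1 survives the 0xff mask as index 193, which the unchecked path turns into byte offset 3088 in a 2048-byte bitmap; the clamped path stops at index 127 (offset 2032), the last cell that exists. The check is deliberately placed on the index rather than on the resulting pointer, matching the description above: the address is never formed from an out-of-range value.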

Affected Version(s)

The affected range is given as git commits. 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 is the initial import of the kernel tree into git (v2.6.12-rc2), so the range covers every mainline version up to, but not including, the fixing commit.

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (initial git import) < 0998a6cb232674408a03e8561dc15aa266b2f53b (fix)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (listed without a fixing commit in the source record)

Timeline

  • Vulnerability published: 8 December 2025

  • Vulnerability reserved