Use After Free Vulnerability in Linux Kernel Affecting Framebuffer Devices
CVE-2025-40323

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 8 December 2025

What is CVE-2025-40323?

In the Linux kernel, a use after free vulnerability exists due to improper handling of framebuffer modes during unregistration. When a framebuffer device is unregistered, the memory allocated for its mode list is freed, but the corresponding pointers in the global fb_display array remain unchanged, resulting in dangling pointers. This issue can be exploited through system calls that attempt to access freed modes, leading to potential system crashes and unpredictable behavior. Implementing a check within the do_unregister_framebuffer() function can prevent this vulnerability by ensuring freed modes are set to NULL in the fb_display array.
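The pattern described above, as an added user-space model that is not kernel code and not taken from the actual patch. The names display_mode, unregister_fb, add_mode and stale_after_unregister are hypothetical stand-ins for the fb_display array and the unregistration path, and the sample modes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_SLOTS 4 /* assumption: stand-in for the console slots */
struct mode { int xres; struct mode *next; };      /* simplified mode entry */
struct fb_dev { struct mode *modelist; };          /* simplified framebuffer */
static const struct mode *display_mode[MAX_SLOTS]; /* models the fb_display mode pointers */

static struct mode *add_mode(struct fb_dev *fb, int xres)
{
    struct mode *m = malloc(sizeof(*m));
    if (!m) abort();
    m->xres = xres;
    m->next = fb->modelist;
    fb->modelist = m;
    return m;
}

/* hardened != 0: NULL every slot pointing into this device's list before freeing it. */
static void unregister_fb(struct fb_dev *fb, int hardened)
{
    for (int i = 0; hardened && i < MAX_SLOTS; i++)
        for (struct mode *m = fb->modelist; m; m = m->next)
            if (display_mode[i] == m)
                display_mode[i] = NULL;
    while (fb->modelist) {
        struct mode *next = fb->modelist->next;
        free(fb->modelist);
        fb->modelist = next;
    }
}

/* Count slots still non-NULL after unregistration (compared, never dereferenced). */
static int stale_after_unregister(int hardened)
{
    struct fb_dev fb = { NULL };
    int stale = 0;
    for (int i = 0; i < MAX_SLOTS; i++)
        display_mode[i] = NULL;
    display_mode[0] = add_mode(&fb, 640);   /* constructed sample mode */
    display_mode[2] = add_mode(&fb, 1024);  /* constructed sample mode */
    unregister_fb(&fb, hardened);
    for (int i = 0; i < MAX_SLOTS; i++)
        stale += display_mode[i] != NULL;
    return stale;
}
int main(void)
{
    printf("stale: unpatched=%d hardened=%d\n", stale_after_unregister(0), stale_after_unregister(1));
}
```

In the unhardened run the two slots keep pointing at freed memory, so any later reader that dereferences them hits the use after free; in the hardened run a reader sees NULL and can bail out.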

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4ac18f0e6a6d599ca751c4cd98e522afc8e3d4eb

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 468f78276a37f4c6499385a4ce28f4f57be6655d

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
