Race Condition in Linux Kernel Affects VGA Switcheroo Functionality
CVE-2025-68296
What is CVE-2025-68296?
In the Linux kernel, a race condition vulnerability exists in the VGA switcheroo functionality during framebuffer management. Specifically, the function vga_switcheroo_client_fb_set() was improperly managed regarding the console lock, allowing for potential out-of-bounds access when framebuffer outputs were switched. This could lead to incorrect framebuffer configuration, especially when the framebuffer is not registered prior to invoking the switcheroo mechanism. The vulnerability primarily pertains to systems utilizing the amdgpu, i915, nouveau, and radeon drivers. To mitigate this issue, the function call was relocated to occur after the framebuffer registration process, ensuring that all necessary checks were in place and facilitating safe framebuffer remapping.
Affected Version(s)
Linux 6a9ee8af344e3bd7dbd61e67037096cdf7f83289 < 482330f8261b4bea8146d9bd69c1199e5dfcbb5c
Linux 6a9ee8af344e3bd7dbd61e67037096cdf7f83289 < 05814c389b53d2f3a0b9eeb90ba7a05ba77c4c2a
Linux 6a9ee8af344e3bd7dbd61e67037096cdf7f83289