CVE-2025-38427

EPSS 0.03%
Published 25.07.2025 15:15:27
Last modified 25.07.2025 15:29:19
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

video: screen_info: Relocate framebuffers behind PCI bridges

Apply PCI host-bridge window offsets to screen_info framebuffers. Fixes
invalid access to I/O memory.

Resources behind a PCI host bridge can be relocated by a certain offset
in the kernel's CPU address range used for I/O. The framebuffer memory
range stored in screen_info refers to the CPU addresses as seen during
boot (where the offset is 0). During boot up, firmware may assign a
different memory offset to the PCI host bridge and thereby relocating
the framebuffer address of the PCI graphics device as seen by the kernel.
The information in screen_info must be updated as well.

The helper pcibios_bus_to_resource() performs the relocation of the
screen_info's framebuffer resource (given in PCI bus addresses). The
result matches the I/O-memory resource of the PCI graphics device (given
in CPU addresses). As before, we store away the information necessary to
later update the information in screen_info itself.

Commit 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated
EFI framebuffers") added the code for updating screen_info. It is based
on similar functionality that pre-existed in efifb. Efifb uses a pointer
to the PCI resource, while the newer code does a memcpy of the region.
Hence efifb sees any updates to the PCI resource and avoids the issue.

v3:
- Only use struct pci_bus_region for PCI bus addresses (Bjorn)
- Clarify address semantics in commit messages and comments (Bjorn)
v2:
- Fixed tags (Takashi, Ivan)
- Updated information on efifb

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < cc3cc41ed67054a03134bea42408c720eec0fa04

Version a168da3182f8727b338509cb413147aa29012d6f

Status affected

Version < 5c70e3ad85d2890d8af375333699429de26327f2

Version 78aa89d1dfba1e3cf4a2e053afa3b4c4ec622371

Status affected

Version < aeda386d86d79269a08f470dbdc53d13a91e51fa

Version 78aa89d1dfba1e3cf4a2e053afa3b4c4ec622371

Status affected

Version < 2f29b5c231011b94007d2c8a6d793992f2275db1

Version 78aa89d1dfba1e3cf4a2e053afa3b4c4ec622371

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.9

Status affected

Version < 6.9

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.95

Status unaffected

Version <= 6.12.*

Version 6.12.35

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.06

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/2f29b5c231011b94007d2c8a6d793992f2275db1

https://git.kernel.org/stable/c/5c70e3ad85d2890d8af375333699429de26327f2

https://git.kernel.org/stable/c/aeda386d86d79269a08f470dbdc53d13a91e51fa

https://git.kernel.org/stable/c/cc3cc41ed67054a03134bea42408c720eec0fa04

https://nvd.nist.gov/vuln/detail/CVE-2025-38427

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38427

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38427

EUVD