-

CVE-2025-40304

EPSS 0.03%
Veröffentlicht 08.12.2025 00:46:29
Zuletzt bearbeitet 08.12.2025 18:26:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

Add bounds checking to prevent writes past framebuffer boundaries when
rendering text near screen edges. Return early if the Y position is off-screen
and clip image height to screen boundary. Break from the rendering loop if the
X position is off-screen. When clipping image width to fit the screen, update
the character count to match the clipped width to prevent buffer size
mismatches.

Without the character count update, bit_putcs_aligned and bit_putcs_unaligned
receive mismatched parameters where the buffer is allocated for the clipped
width but cnt reflects the original larger count, causing out-of-bounds writes.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 996bfaa7372d6718b6d860bdf78f6618e850c702

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < f0982400648a3e00580253e0c48e991f34d2684c

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < ebc0730b490c7f27340b1222e01dd106e820320d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 86df8ade88d290725554cefd03101ecd0fbd3752

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 15ba9acafb0517f8359ca30002c189a68ddbb939

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 2d1359e11674ed4274934eac8a71877ae5ae7bbb

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 3637d34b35b287ab830e66048841ace404382b67

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/996bfaa7372d6718b6d860bdf78f6618e850c702

https://git.kernel.org/stable/c/f0982400648a3e00580253e0c48e991f34d2684c

https://git.kernel.org/stable/c/1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1

https://git.kernel.org/stable/c/ebc0730b490c7f27340b1222e01dd106e820320d

https://git.kernel.org/stable/c/86df8ade88d290725554cefd03101ecd0fbd3752

https://git.kernel.org/stable/c/15ba9acafb0517f8359ca30002c189a68ddbb939

https://git.kernel.org/stable/c/2d1359e11674ed4274934eac8a71877ae5ae7bbb

https://git.kernel.org/stable/c/3637d34b35b287ab830e66048841ace404382b67

https://nvd.nist.gov/vuln/detail/CVE-2025-40304

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40304

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40304

EUVD