-

CVE-2025-40322

EPSS 0.04%
Veröffentlicht 08.12.2025 00:46:49
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

fbdev: bitblit: bound-check glyph index in bit_putcs*

In the Linux kernel, the following vulnerability has been resolved:

fbdev: bitblit: bound-check glyph index in bit_putcs*

bit_putcs_aligned()/unaligned() derived the glyph pointer from the
character value masked by 0xff/0x1ff, which may exceed the actual font's
glyph count and read past the end of the built-in font array.
Clamp the index to the actual glyph count before computing the address.

This fixes a global out-of-bounds read reported by syzbot.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < a10cede006f9614b465cf25609a8753efbfd45cc

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 0998a6cb232674408a03e8561dc15aa266b2f53b

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < db5c9a162d2f42bcc842b76b3d935dcc050a0eec

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < c12003bf91fdff381c55ef54fef3e961a5af2545

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 9ba1a7802ca9a2590cef95b253e6526f4364477f

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 901f44227072be60812fe8083e83e1533c04eed1

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < efaf89a75a29b2d179bf4fe63ca62852e93ad620

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 18c4ef4e765a798b47980555ed665d78b71aeadf

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version 0

Version < 2.6.12

Status unaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.129

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/a10cede006f9614b465cf25609a8753efbfd45cc

https://git.kernel.org/stable/c/0998a6cb232674408a03e8561dc15aa266b2f53b

https://git.kernel.org/stable/c/db5c9a162d2f42bcc842b76b3d935dcc050a0eec

https://git.kernel.org/stable/c/c12003bf91fdff381c55ef54fef3e961a5af2545

https://git.kernel.org/stable/c/9ba1a7802ca9a2590cef95b253e6526f4364477f

https://git.kernel.org/stable/c/901f44227072be60812fe8083e83e1533c04eed1

https://git.kernel.org/stable/c/efaf89a75a29b2d179bf4fe63ca62852e93ad620

https://git.kernel.org/stable/c/18c4ef4e765a798b47980555ed665d78b71aeadf

https://nvd.nist.gov/vuln/detail/CVE-2025-40322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40322

EUVD