CVE-2025-68296

EPSS 0.02%
Veröffentlicht 16.12.2025 15:06:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

In the Linux kernel, the following vulnerability has been resolved:

drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB
access in fbcon_remap_all(). Without holding the console lock the call
races with switching outputs.

VGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon
function uses struct fb_info.node, which is set by register_framebuffer().
As the fb-helper code currently sets up VGA switcheroo before registering
the framebuffer, the value of node is -1 and therefore not a legal value.
For example, fbcon uses the value within set_con2fb_map() [1] as an index
into an array.

Moving vga_switcheroo_client_fb_set() after register_framebuffer() can
result in VGA switching that does not switch fbcon correctly.

Therefore move vga_switcheroo_client_fb_set() under fbcon_fb_registered(),
which already holds the console lock. Fbdev calls fbcon_fb_registered()
from within register_framebuffer(). Serializes the helper with VGA
switcheroo's call to fbcon_remap_all().

Although vga_switcheroo_client_fb_set() takes an instance of struct fb_info
as parameter, it really only needs the contained fbcon state. Moving the
call to fbcon initialization is therefore cleaner than before. Only amdgpu,
i915, nouveau and radeon support vga_switcheroo. For all other drivers,
this change does nothing.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 6a9ee8af344e3bd7dbd61e67037096cdf7f83289

Version < 482330f8261b4bea8146d9bd69c1199e5dfcbb5c

Status affected

Version 6a9ee8af344e3bd7dbd61e67037096cdf7f83289

Version < 05814c389b53d2f3a0b9eeb90ba7a05ba77c4c2a

Status affected

Version 6a9ee8af344e3bd7dbd61e67037096cdf7f83289

Version < eb76d0f5553575599561010f24c277cc5b31d003

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.34

Status affected

Version 0

Version < 2.6.34

Status unaffected

Version <= 6.12.*

Version 6.12.61

Status unaffected

Version <= 6.17.*

Version 6.17.11

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/482330f8261b4bea8146d9bd69c1199e5dfcbb5c

https://git.kernel.org/stable/c/05814c389b53d2f3a0b9eeb90ba7a05ba77c4c2a

https://git.kernel.org/stable/c/eb76d0f5553575599561010f24c277cc5b31d003

https://nvd.nist.gov/vuln/detail/CVE-2025-68296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68296

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-68296