CVE-2025-68296

EPSS 0.02%
Veröffentlicht 16.12.2025 15:06:15
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB
access in fbcon_remap_all(). Without holding the console lock the call
races with switching outputs.

VGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon
function uses struct fb_info.node, which is set by register_framebuffer().
As the fb-helper code currently sets up VGA switcheroo before registering
the framebuffer, the value of node is -1 and therefore not a legal value.
For example, fbcon uses the value within set_con2fb_map() [1] as an index
into an array.

Moving vga_switcheroo_client_fb_set() after register_framebuffer() can
result in VGA switching that does not switch fbcon correctly.

Therefore move vga_switcheroo_client_fb_set() under fbcon_fb_registered(),
which already holds the console lock. Fbdev calls fbcon_fb_registered()
from within register_framebuffer(). Serializes the helper with VGA
switcheroo's call to fbcon_remap_all().

Although vga_switcheroo_client_fb_set() takes an instance of struct fb_info
as parameter, it really only needs the contained fbcon state. Moving the
call to fbcon initialization is therefore cleaner than before. Only amdgpu,
i915, nouveau and radeon support vga_switcheroo. For all other drivers,
this change does nothing.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 482330f8261b4bea8146d9bd69c1199e5dfcbb5c

Version 6a9ee8af344e3bd7dbd61e67037096cdf7f83289

Status affected

Version < 05814c389b53d2f3a0b9eeb90ba7a05ba77c4c2a

Version 6a9ee8af344e3bd7dbd61e67037096cdf7f83289

Status affected

Version < eb76d0f5553575599561010f24c277cc5b31d003

Version 6a9ee8af344e3bd7dbd61e67037096cdf7f83289

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.34

Status affected

Version < 2.6.34

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.61

Status unaffected

Version <= 6.17.*

Version 6.17.11

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/482330f8261b4bea8146d9bd69c1199e5dfcbb5c

https://git.kernel.org/stable/c/05814c389b53d2f3a0b9eeb90ba7a05ba77c4c2a

https://git.kernel.org/stable/c/eb76d0f5553575599561010f24c277cc5b31d003

https://nvd.nist.gov/vuln/detail/CVE-2025-68296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68296

EUVD