PT-2025-14357 · Linux+5 · Linux Kernel+5

Published

2025-03-09

·

Updated

2026-05-26

·

CVE-2025-21976

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, related to the removal of a Hyper-V framebuffer device. When the device is unbound, the hyperv fb driver attempts to release the framebuffer forcefully, which can produce a warning and prevent the framebuffer from being released if it is in use. The issue is resolved by moving the release of the framebuffer and associated memory to the fb ops.fb destroy function, allowing the framebuffer framework to handle it gracefully.
Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix, which moves the release of the framebuffer and associated memory to the fb ops.fb destroy function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2025:20095
AZL-62824
AZL-69506
BDU:2026-04405
CVE-2025-21976
ECHO-55E2-E896-8F19
OESA-2025-1446
OESA-2025-1450
RHSA-2025:20095
SUSE-SU-2025:01600-1
SUSE-SU-2025_01600-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu