PT-2025-27973 · Linux+5 · Linux Kernel+5

Published: 2025-07-04 · Updated: 2026-04-20 · CVE-2025-38198

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the fbcon module of the Linux kernel has been resolved. Attempting to write to the "store_modes" sysfs node can cause an array-index-out-of-bounds error in the fbcon_info_from_console() function. This happens when the con2fb_map array contains a -1 value, indicating an unregistered console. The function now returns NULL in such cases, allowing callers to correctly compare against existing "info" pointers.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Validation of Array Index

Related Identifiers

AZL-64662
AZL-72769
BDU:2025-10766
CVE-2025-38198
DLA-4328-1
DSA-5973-1
ECHO-C35A-2514-70FD
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1926
OESA-2025-1927
OESA-2025-1928
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu