PT-2025-27990 · Linux+5 · Linux Kernel+5

Published: 2025-04-28 · Updated: 2026-04-20 · CVE-2025-38215

CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.226

Description: A NULL pointer dereference issue was found in the Linux kernel's fbdev subsystem. The issue occurs when fb_add_videomode() fails to allocate memory for fb_videomode, leading to a NULL pointer dereference in fb_videomode_to_var(). This can cause a general protection fault. The issue was discovered by the Linux Verification Center using Syzkaller.

Recommendations: For Linux kernel versions prior to 5.10.226, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the fb_videomode_to_var() function until a patch is available. Restrict access to the vulnerable fbdev subsystem to minimize the risk of exploitation. Avoid using the fb_add_videomode() function in the affected do_register_framebuffer() API endpoint until the issue is resolved.

Exploit

Fix

Weakness Enumeration: NULL Pointer Dereference

Related Identifiers

AZL-64695
AZL-72772
BDU:2025-13563
CVE-2025-38215
DLA-4328-1
DSA-5973-1
ECHO-227B-51EE-82A3
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu