CVE-2025-38427

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to framebuffer relocation behind PCI bridges. The issue arises because framebuffer memory ranges in screen info are not updated when PCI host bridges relocate resources, potentially leading to invalid access to I/O memory. The pcibios bus to resource() helper function is involved in the relocation process, aiming to match the I/O-memory resource of the PCI graphics device. The fix involves updating screen info to reflect the relocated framebuffer address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-401

Related Identifiers

BDU:2025-13519

CVE-2025-38427

MGASA-2025-0218

MGASA-2025-0219

OESA-2025-1959

OESA-2025-1960

OESA-2025-1961

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025_02853-1

SUSE-SU-2025_02997-1

SUSE-SU-2025_03011-1

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-38427

Weakness Enumeration

Related Identifiers

Affected Products

References · 2775