PT-2025-35958 · Linux +1 · Linux Kernel +1
Published 2025-09-04 · Updated 2025-09-04 · CVE-2025-38685
None
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The Linux kernel contains a flaw in the fbdev subsystem related to an out-of-bounds write in the `fast_imageblit()` function. This issue occurs when a user-space program performs an ioctl `FBIOPUT_CON2FBMAP` operation, providing a console number and frame buffer number. Specifically, the issue arises during console resizing when a resize operation fails but processing continues with mismatched console and frame buffer data, leading to an out-of-bounds write during screen updates in `fbcon_putcs()`.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
References · 13
- https://security-tracker.debian.org/tracker/CVE-2025-38685 · Vendor Advisory
- https://security-tracker.debian.org/tracker/source-package/linux · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-38685 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38685 · Security Note
- https://git.kernel.org/stable/c/078e62bffca4b7e72e8f3550eb063ab981c36c7a · Note
- https://git.kernel.org/stable/c/56701bf9eeb63219e378cb7fcbd066ea4eaeeb50 · Note
- https://git.kernel.org/stable/c/27b118aebdd84161c8ff5ce49d9d536f2af10754 · Note
- https://twitter.com/CVEnew/status/1963644657058914423 · Twitter Post
- https://packages.debian.org/src:linux · Note
- https://git.kernel.org/stable/c/ed9b8e5016230868c8d813d9179523f729fec8c6 · Note
- https://git.kernel.org/stable/c/af0db3c1f898144846d4c172531a199bb3ca375d · Note
- https://git.kernel.org/stable/c/cfec17721265e72e50cc69c6004fe3475cd38df2 · Note
- https://git.kernel.org/stable/c/4c4d7ddaf1d43780b106bedc692679f965dc5a3a · Note