PT-2025-42242 · Linux+4 · Linux Kernel+4

Published 2025-09-22 · Updated 2026-05-07 · CVE-2025-39967

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the Linux kernel’s fbcon_do_set_font() function where integer overflows can occur during font size calculations when handling user-controlled font parameters. Specifically, overflows can happen in the following calculations: the multiplication of h, pitch, and charcount within CALC_FONTSZ(h, pitch, charcount), and the addition of FONT_EXTRA_WORDS * sizeof(int) to size. These overflows can lead to smaller-than-expected memory allocations, resulting in buffer overflows during font data copying. The issue is addressed by adding explicit overflow checking using the check_mul_overflow() and check_add_overflow() kernel helpers to validate size calculations before allocation.
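
The two size calculations described above, as an added user-space model; it is not the kernel's code and not part of this advisory. Assumptions: the function names are hypothetical, FONT_EXTRA_WORDS is taken as 4, the GCC/Clang overflow builtins stand in for check_mul_overflow() and check_add_overflow(), and the sample parameters are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define FONT_EXTRA_WORDS 4 /* assumed value for this model */

/* Unchecked model: 32-bit arithmetic wraps silently, so a huge font
 * request can produce a tiny allocation size. */
static uint32_t font_alloc_unchecked(uint32_t h, uint32_t pitch, uint32_t charcount)
{
    uint32_t size = h * pitch * charcount; /* CALC_FONTSZ(h, pitch, charcount) */
    return size + FONT_EXTRA_WORDS * (uint32_t)sizeof(int);
}

/* Checked model: returns 0 and stores the allocation size, or -1 when
 * either the multiplication or the addition would overflow. */
static int font_alloc_checked(int h, int pitch, int charcount, int *alloc_size)
{
    int size;

    /* Extra guard in this model (not described on the page): reject
     * non-positive dimensions before doing any arithmetic. */
    if (h <= 0 || pitch <= 0 || charcount <= 0)
        return -1;
    if (__builtin_mul_overflow(h, pitch, &size) ||
        __builtin_mul_overflow(size, charcount, &size))
        return -1;
    if (__builtin_add_overflow((int)(FONT_EXTRA_WORDS * sizeof(int)), size, alloc_size))
        return -1;
    return 0;
}

int main(void)
{
    int alloc = 0;

    /* Constructed parameters whose product is exactly 2^32. */
    printf("unchecked alloc size: %u bytes\n",
           font_alloc_unchecked(65536, 256, 256));
    printf("checked, oversized:   %d\n",
           font_alloc_checked(65536, 256, 256, &alloc));
    /* An ordinary 8x16 font with 256 glyphs passes the checks. */
    printf("checked, 8x16 font:   %d (alloc %d bytes)\n",
           font_alloc_checked(16, 1, 256, &alloc), alloc);
    return 0;
}
```

With the constructed oversized parameters the unchecked model asks for only the extra-words bytes while the copy would still be driven by the original dimensions; the checked model rejects the request before any allocation.
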
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

AZL-68468
AZL-76440
BDU:2026-02705
CVE-2025-39967
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-AFD3-684E-0232
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2551
OESA-2025-2552
OESA-2025-2556
OESA-2026-1569
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4111-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4301-1
SUSE-SU-2025:4320-1
SUSE-SU-2025:4515-1
SUSE-SU-2026:0029-1
SUSE-SU-2026:0033-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu