CVE-2025-40323

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the framebuffer console (fbcon) component. The issue arises because when a framebuffer is unregistered, the memory associated with its modelist is freed, but the corresponding fb display[i]->mode pointer is not set to NULL. This results in a dangling pointer within the fb display array. Subsequent access to this dangling pointer can lead to a use-after-free condition. The issue can be triggered by registering a new framebuffer device, setting its mode, switching consoles, unloading the kernel module, and then attempting to delete a mode through system calls via another framebuffer. The vulnerability is reproducible through specific steps involving framebuffer registration, mode setting, console switching, and kernel module unloading.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.