CVE-2025-68296

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the interaction between DRM, fbcon, and vga switcheroo components. Specifically, the issue occurs during fbcon setup when switching outputs, potentially leading to out-of-bounds access in the fbcon remap all() function. This happens because vga switcheroo client fb set() can be called before the framebuffer is fully registered, resulting in an invalid value for struct fb info.node. The fix involves moving vga switcheroo client fb set() to execute after register framebuffer() under the protection of the console lock, ensuring proper serialization with VGA switcheroo calls to fbcon remap all(). The issue affects amdgpu, i915, nouveau, and radeon drivers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-72667

CVE-2025-68296

ECHO-6A04-7451-8F42

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0473-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8152-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

Amdgpu

I915

Nouveau

Radeon

CVE-2025-68296

Related Identifiers

Affected Products

References · 2060