AZL-64662

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64662.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-64662

Upstream

CVE-2025-38198

Published

2025-07-04T14:15:27Z

Modified

2026-04-01T05:20:22.890633Z

Summary

CVE-2025-38198 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

fbcon: Make sure modelist not set on unregistered console

It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles:

UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fbinfo *[32]' ... fbconinfofromconsole+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbconnewmodelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fbnewmodelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673 storemodes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113 devattr_store+0x55/0x80 drivers/base/core.c:2439

static struct fbinfo *fbconregisteredfb[FBMAX]; ... static signed char con2fbmap[MAXNRCONSOLES]; ... static struct fbinfo *fbconinfofromconsole(int console) ... return fbconregisteredfb[con2fbmap[console]];

If con2fbmap contains a -1 things go wrong here. Instead, return NULL, as callers of fbconinfofromconsole() are trying to compare against existing "info" pointers, so error handling should kick in correctly.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38198

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64662.json"