AZL-73836

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73836.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73836

Upstream

CVE-2025-38685

Published

2025-09-04T16:15:36Z

Modified

2026-04-01T05:22:39.599249Z

Summary

CVE-2025-38685 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Fix vmalloc out-of-bounds write in fast_imageblit

This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and updates the screen if console is visible.

As part of mapping it has to do resize of console according to frame buffer info. if this resize fails and returns from vcdoresize() and continues further. At this point console and new frame buffer are mapped and sets display vars. Despite failure still it continue to proceed updating the screen at later stages where vcdata is related to previous frame buffer and frame buffer info and display vars are mapped to new frame buffer and eventully leading to out-of-bounds write in fastimageblit(). This bheviour is excepted only when fgconsole is equal to requested console which is a visible console and updates screen with invalid struct references in fbconputcs().

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38685

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73836.json"