CVE-2025-38312

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38312
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38312.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38312
Downstream
Related
Published
2025-07-10T07:42:20.647Z
Modified
2026-03-12T02:17:12.190751Z
Summary
fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod()

In fbfindmodecvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.frefresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fbcvthperiod(), where it's used as a divider -- division by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to avoid such overflow...

Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38312.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
96fe6a2109db29cd15b90a093c16e6cb4b19371a
Fixed
9027ce4c037b566b658b8939a76326b7125e3627
Fixed
610f247f2772e4f92b63442125a1b7ade79898d8
Fixed
2d63433e8eaa3c91b2948190e395bc67009db0d9
Fixed
54947530663edcbaaee1314c01fdd8c72861b124
Fixed
ab91647acdf43b984824776559a452212eaeb21a
Fixed
b235393b9f43ff86a38ca2bde6372312ea215dc5
Fixed
53784073cbad18f75583fd3da9ffdfc4d1f05405
Fixed
3f6dae09fc8c306eb70fdfef70726e1f154e173a

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38312.json"