CVE-2025-38630

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38630
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38630.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38630
Downstream
Related
Published
2025-08-22T16:00:38.678Z
Modified
2026-03-20T12:42:57.237928Z
Summary
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref

fbaddvideomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fbmodelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar").

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38630.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c
Fixed
69373502c2b5d364842c702c941d1171e4f35a7c
Fixed
f00c29e6755ead56baf2a9c1d3c4c0bb40af3612
Fixed
cca8f5a3991916729b39d797d01499c335137319
Fixed
ac16154cccda8be10ee3ae188f10a06f3890bc5d
Fixed
4b5d36cc3014986e6fac12eaa8433fe56801d4ce
Fixed
40f0a51f6c54d46a94b9f1180339ede7ca7ee190
Fixed
49377bac9e3bec1635065a033c9679214fe7593e
Fixed
f060441c153495750804133555cf0a211a856892
Fixed
da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38630.json"