CVE-2025-39967
- Source
- https://cve.org/CVERecord?id=CVE-2025-39967
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39967.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39967
- Downstream
- Related
- Published
- 2025-10-15T07:55:51.554Z
- Modified
- 2026-03-11T07:53:49.486955467Z
- Summary
- fbcon: fix integer overflow in fbcon_do_set_font
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
fbcon: fix integer overflow in fbcondoset_font
Fix integer overflow vulnerabilities in fbcondoset_font() where font size calculations could overflow when handling user-controlled font parameters.
The vulnerabilities occur when: 1. CALCFONTSZ(h, pitch, charcount) performs h * pith * charcount multiplication with user-controlled values that can overflow. 2. FONTEXTRA_WORDS * sizeof(int) + size addition can also overflow 3. This results in smaller allocations than expected, leading to buffer overflows during font data copying.
Add explicit overflow checking using checkmuloverflow() and checkaddoverflow() kernel helpers to safety validate all size calculations before allocation.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39967.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe
- https://git.kernel.org/stable/c/4a4bac869560f943edbe3c2b032062f6673b13d3
- https://git.kernel.org/stable/c/994bdc2d23c79087fbf7dcd9544454e8ebcef877
- https://git.kernel.org/stable/c/9c8ec14075c5317edd6b242f1be8167aa1e4e333
- https://git.kernel.org/stable/c/a6eb9f423b3db000aaedf83367b8539f6b72dcfc
- https://git.kernel.org/stable/c/adac90bb1aaf45ca66f9db8ac100be16750ace78
- https://git.kernel.org/stable/c/b8a6e85328aeb9881531dbe89bcd2637a06c3c95
- https://git.kernel.org/stable/c/c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39967.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39967
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced96e41fc29e8af5c5085fb8a79cab8d0d00bab86cFixed994bdc2d23c79087fbf7dcd9544454e8ebcef877
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced39b3cffb8cf3111738ea993e2757ab382253d86aFixed9c8ec14075c5317edd6b242f1be8167aa1e4e333Fixedb8a6e85328aeb9881531dbe89bcd2637a06c3c95Fixeda6eb9f423b3db000aaedf83367b8539f6b72dcfcFixedadac90bb1aaf45ca66f9db8ac100be16750ace78Fixed4a4bac869560f943edbe3c2b032062f6673b13d3Fixedc0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7Fixed1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedae021a904ac82d9fc81c25329d3c465c5a7d5686Last affected451bffa366f2cc0e5314807cb847f31c0226efedLast affected2c455e9c5865861f5ce09c5f596909495ed7657cLast affected72f099805dbc907fbe8fa19bccdc31d3e2ee6e9eLast affected34cf1aff169dc6dedad8d79da7bf1b4de2773dbc