CVE-2025-40304
- Source
- https://cve.org/CVERecord?id=CVE-2025-40304
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40304.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40304
- Downstream
- Related
- Published
- 2025-12-08T00:46:29.013Z
- Modified
- 2026-03-20T12:43:15.440722Z
- Summary
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip image height to screen boundary. Break from the rendering loop if the X position is off-screen. When clipping image width to fit the screen, update the character count to match the clipped width to prevent buffer size mismatches.
Without the character count update, bitputcsaligned and bitputcsunaligned receive mismatched parameters where the buffer is allocated for the clipped width but cnt reflects the original larger count, causing out-of-bounds writes.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40304.json" }- References
-
- https://git.kernel.org/stable/c/15ba9acafb0517f8359ca30002c189a68ddbb939
- https://git.kernel.org/stable/c/1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1
- https://git.kernel.org/stable/c/2d1359e11674ed4274934eac8a71877ae5ae7bbb
- https://git.kernel.org/stable/c/3637d34b35b287ab830e66048841ace404382b67
- https://git.kernel.org/stable/c/86df8ade88d290725554cefd03101ecd0fbd3752
- https://git.kernel.org/stable/c/996bfaa7372d6718b6d860bdf78f6618e850c702
- https://git.kernel.org/stable/c/ebc0730b490c7f27340b1222e01dd106e820320d
- https://git.kernel.org/stable/c/f0982400648a3e00580253e0c48e991f34d2684c
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40304.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40304
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed996bfaa7372d6718b6d860bdf78f6618e850c702Fixedf0982400648a3e00580253e0c48e991f34d2684cFixed1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1Fixedebc0730b490c7f27340b1222e01dd106e820320dFixed86df8ade88d290725554cefd03101ecd0fbd3752Fixed15ba9acafb0517f8359ca30002c189a68ddbb939Fixed2d1359e11674ed4274934eac8a71877ae5ae7bbbFixed3637d34b35b287ab830e66048841ace404382b67
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.12Fixed5.4.302
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.247
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.197
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.159
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.117
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.58
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.8