Vulnerability Lookup

🛡️ CVE-2025-38198

🟠 CVSS 7.8 — High ✅ No Known Exploit CWE-129 NVD

7.8

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fb_info *[32]' ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673 store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113 dev_attr_store+0x55/0x80 drivers/base/core.c:2439 static struct fb_info *fbcon_registered_fb[FB_MAX]; ... static signed char con2fb_map[MAX_NR_CONSOLES]; ... static struct fb_info *fbcon_info_from_console(int console) ... return fbcon_registered_fb[con2fb_map[console]]; If con2fb_map contains a -1 things go wrong here. Instead, return NULL, as callers of fbcon_info_from_console() are trying to compare against existing "info" pointers, so error handling should kick in correctly.

Details

Severity HIGH

CVSS Score 7.8

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE CWE-129

Public Exploit ✅ No

Source NVD

Published 2025-07-04

Updated 2026-06-02

Modified 2026-05-12

Fix URL https://git.kernel.org/stable/c/519ba75728ee8cd561dce25fc52a2ec5c47171dc

Affected Packages

Software	From version	Fixed in
debian-linux	—	—
linux-kernel	6.13	6.15.4

References

Patch https://git.kernel.org/stable/c/519ba75728ee8cd561dce25fc52a2ec5c47171dc

Patch https://git.kernel.org/stable/c/54b28f7c567dd659e5f9562f518e4d7f3f6a367b

Patch https://git.kernel.org/stable/c/b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b

Patch https://git.kernel.org/stable/c/cedc1b63394a866bf8663a3e40f4546f1d28c8d8

Patch https://git.kernel.org/stable/c/f28f1f578cd810779d01999c60618cda14c281dd

Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Is your WordPress site affected?

Company

Resources

Services

Trusted

Subscribe