Home

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-08 | Updated 2025-12-08 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a10cede006f9614b465cf25609a8753efbfd45cc
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 0998a6cb232674408a03e8561dc15aa266b2f53b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before db5c9a162d2f42bcc842b76b3d935dcc050a0eec
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before c12003bf91fdff381c55ef54fef3e961a5af2545
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 9ba1a7802ca9a2590cef95b253e6526f4364477f
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 901f44227072be60812fe8083e83e1533c04eed1
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before efaf89a75a29b2d179bf4fe63ca62852e93ad620
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 18c4ef4e765a798b47980555ed665d78b71aeadf
affected

Default status
affected

5.4.302 (semver)
unaffected

5.10.247 (semver)
unaffected

5.15.197 (semver)
unaffected

6.1.159 (semver)
unaffected

6.6.117 (semver)
unaffected

6.12.58 (semver)
unaffected

6.17.8 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/a10cede006f9614b465cf25609a8753efbfd45cc

git.kernel.org/...c/0998a6cb232674408a03e8561dc15aa266b2f53b

git.kernel.org/...c/db5c9a162d2f42bcc842b76b3d935dcc050a0eec

git.kernel.org/...c/c12003bf91fdff381c55ef54fef3e961a5af2545

git.kernel.org/...c/9ba1a7802ca9a2590cef95b253e6526f4364477f

git.kernel.org/...c/901f44227072be60812fe8083e83e1533c04eed1

git.kernel.org/...c/efaf89a75a29b2d179bf4fe63ca62852e93ad620

git.kernel.org/...c/18c4ef4e765a798b47980555ed665d78b71aeadf

cve.org (CVE-2025-40322)

nvd.nist.gov (CVE-2025-40322)

Download JSON