{"id":"CVE-2025-38630","summary":"fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref\n\nfb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot\nallocate a struct fb_modelist.  If that happens, the modelist stays empty but\nthe driver continues to register.  Add a check for its return value to prevent\npoteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 (\"fbdev:\nFix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\").","modified":"2026-04-16T04:39:19.697737782Z","published":"2025-08-22T16:00:38.678Z","related":["SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38630.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/40f0a51f6c54d46a94b9f1180339ede7ca7ee190"},{"type":"WEB","url":"https://git.kernel.org/stable/c/49377bac9e3bec1635065a033c9679214fe7593e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b5d36cc3014986e6fac12eaa8433fe56801d4ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69373502c2b5d364842c702c941d1171e4f35a7c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac16154cccda8be10ee3ae188f10a06f3890bc5d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cca8f5a3991916729b39d797d01499c335137319"},{"type":"WEB","url":"https://git.kernel.org/stable/c/da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f00c29e6755ead56baf2a9c1d3c4c0bb40af3612"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f060441c153495750804133555cf0a211a856892"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38630.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38630"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c"},{"fixed":"69373502c2b5d364842c702c941d1171e4f35a7c"},{"fixed":"f00c29e6755ead56baf2a9c1d3c4c0bb40af3612"},{"fixed":"cca8f5a3991916729b39d797d01499c335137319"},{"fixed":"ac16154cccda8be10ee3ae188f10a06f3890bc5d"},{"fixed":"4b5d36cc3014986e6fac12eaa8433fe56801d4ce"},{"fixed":"40f0a51f6c54d46a94b9f1180339ede7ca7ee190"},{"fixed":"49377bac9e3bec1635065a033c9679214fe7593e"},{"fixed":"f060441c153495750804133555cf0a211a856892"},{"fixed":"da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38630.json"}}],"schema_version":"1.7.5"}