{"id":"CVE-2025-38702","summary":"fbdev: fix potential buffer overflow in do_register_framebuffer()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1.  Unregistration creates NULL gaps in registered_fb[]\n2.  All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3.  The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.","modified":"2026-04-16T04:32:15.114421881Z","published":"2025-09-04T15:32:53.990Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38702.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09"},{"type":"WEB","url":"https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961"},{"type":"WEB","url":"https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38702.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38702"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"5c3f5a25c62230b7965804ce7a2e9305c3ca3961"},{"fixed":"cbe740de32bb0fb7a5213731ff5f26ea6718fca3"},{"fixed":"806f85bdd3a60187c21437fc51baace11f659f35"},{"fixed":"2828a433c7d7a05b6f27c8148502095101dd0b09"},{"fixed":"248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399"},{"fixed":"523b84dc7ccea9c4d79126d6ed1cf9033cf83b05"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38702.json"}}],"schema_version":"1.7.5"}