CVE-2025-40304

Advisory lineage Upstream: 0 Downstream: 57

Downstream

DEBIAN-CVE-2025-40304 MGASA-2026-0017 MGASA-2026-0018 OPENSUSE-SU-2026:20145-1 RHSA-2026:1727 RHSA-2026:2282

Deferred

Published: 08 Dec 2025, 00:46

Last modified:11 May 2026, 21:46

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

0.06% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Dec 2025, 00:46

Published

Vulnerability first disclosed

11 May 2026, 21:46

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip image height to screen boundary. Break from the rendering loop if the X position is off-screen. When clipping image width to fit the screen, update the character count to match the clipped width to prevent buffer size mismatches. Without the character count update, bit_putcs_aligned and bit_putcs_unaligned receive mismatched parameters where the buffer is allocated for the clipped width but cnt reflects the original larger count, causing out-of-bounds writes.

EPSS Trends

Current EPSS score: 0.06%• Percentile: 18%

Affected Systems

linux•linux
≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 996bfaa7372d6718b6d860bdf78f6618e850c702 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < f0982400648a3e00580253e0c48e991f34d2684c | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < ebc0730b490c7f27340b1222e01dd106e820320d | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 86df8ade88d290725554cefd03101ecd0fbd3752 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 15ba9acafb0517f8359ca30002c189a68ddbb939 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 2d1359e11674ed4274934eac8a71877ae5ae7bbb | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 3637d34b35b287ab830e66048841ace404382b67 | 2.6.12