CVE-2025-39967
Published: Oct 15, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

fbcon: fix integer overflow in fbcon_do_set_font

Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when:

1. CALC_FONTSZ(h, pitch, charcount) performs h * pitch * charcount multiplication with user-controlled values that can overflow.
2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow.
3. This results in smaller allocations than expected, leading to buffer overflows during font data copying.

Add explicit overflow checking using check_mul_overflow() and check_add_overflow() kernel helpers to safely validate all size calculations before allocation.
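The size arithmetic the description refers to, as an added userspace C example (not the kernel's code and not the fix itself): an unchecked calculation in the shape of CALC_FONTSZ() followed by the FONT_EXTRA_WORDS addition, beside a checked version built on the GCC/Clang __builtin_mul_overflow()/__builtin_add_overflow() builtins, which are what the kernel's check_mul_overflow()/check_add_overflow() helpers wrap. The function names, the hard-coded FONT_EXTRA_WORDS value and the three parameter sets are constructed for this example; the wrap-inducing sets are chosen to trigger each of the two overflows listed above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's FONT_EXTRA_WORDS (4 in include/linux/font.h),
 * hard-coded here so the example builds in userspace. */
#define FONT_EXTRA_WORDS 4

/* Unchecked size arithmetic in the shape of the pre-fix code:
 * size = h * pitch * charcount, then alloc = FONT_EXTRA_WORDS * sizeof(int) + size.
 * All operands are unsigned int so the wraparound is well-defined and
 * observable; this is the undersized result the advisory describes. */
static unsigned int font_alloc_size_unchecked(unsigned int h, unsigned int pitch,
                                              unsigned int charcount)
{
    unsigned int size = h * pitch * charcount;                    /* may wrap */
    unsigned int extra = (unsigned int)(FONT_EXTRA_WORDS * sizeof(int));

    return extra + size;                                          /* may wrap again */
}

/* Exact byte count the same parameters really require, computed in 64 bits
 * so the demo can show how far the wrapped value falls short. */
static uint64_t font_alloc_size_exact(unsigned int h, unsigned int pitch,
                                      unsigned int charcount)
{
    return (uint64_t)h * pitch * charcount + FONT_EXTRA_WORDS * sizeof(int);
}

/* Checked version in the spirit of the fix. __builtin_mul_overflow() and
 * __builtin_add_overflow() store the (possibly wrapped) result and return
 * true when it differs from the mathematical result. Each step is validated
 * before its value feeds the next, so an intermediate wrap cannot be masked
 * by a later multiplication. Returns false (with *out = 0) where the kernel
 * would return -EINVAL. */
static bool font_alloc_size_checked(unsigned int h, unsigned int pitch,
                                    unsigned int charcount, unsigned int *out)
{
    unsigned int size, alloc_size;
    unsigned int extra = (unsigned int)(FONT_EXTRA_WORDS * sizeof(int));

    if (__builtin_mul_overflow(h, pitch, &size) ||
        __builtin_mul_overflow(size, charcount, &size) ||
        __builtin_add_overflow(extra, size, &alloc_size)) {
        *out = 0;
        return false;
    }
    *out = alloc_size;
    return true;
}

int main(void)
{
    /* Constructed parameter sets (not real fonts). */
    struct { unsigned int h, pitch, charcount; const char *what; } cases[] = {
        { 16,   1,    256,         "ordinary 8x16 font, 256 glyphs" },
        { 1024, 1024, 4097,        "multiplication wraps: 2^20 * 4097 = 2^32 + 2^20" },
        { 1,    1,    4294967288u, "addition wraps: 0xFFFFFFF8 + 16" },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned int checked;
        bool ok = font_alloc_size_checked(cases[i].h, cases[i].pitch,
                                          cases[i].charcount, &checked);

        printf("%s\n  unchecked alloc: %u bytes, actually needed: %llu bytes, checked: %s\n",
               cases[i].what,
               font_alloc_size_unchecked(cases[i].h, cases[i].pitch, cases[i].charcount),
               (unsigned long long)font_alloc_size_exact(cases[i].h, cases[i].pitch,
                                                         cases[i].charcount),
               ok ? "accepted" : "rejected (-EINVAL)");
    }
    return 0;
}
```

The second case is the one that matters in practice: the unchecked path hands a roughly 1 MiB allocation to a copy that expects about 4 GiB of glyph data, which is the heap overflow the description refers to. Checking the intermediate product and the header addition separately, rather than only the final sum, is what closes both listed overflow points.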
| Vendor | Product | Status | Versions |
|---|---|---|---|
| Linux | Linux | affected | 96e41fc29e8af5c5085fb8a79cab8d0d00bab86c - < 994bdc2d23c79087fbf7dcd9544454e8ebcef877 |
| Linux | Linux | affected | 39b3cffb8cf3111738ea993e2757ab382253d86a - < 9c8ec14075c5317edd6b242f1be8167aa1e4e333 |
| Linux | Linux | affected | 39b3cffb8cf3111738ea993e2757ab382253d86a - < b8a6e85328aeb9881531dbe89bcd2637a06c3c95 |
| Linux | Linux | affected | 39b3cffb8cf3111738ea993e2757ab382253d86a - < a6eb9f423b3db000aaedf83367b8539f6b72dcfc |
| Linux | Linux | affected | 39b3cffb8cf3111738ea993e2757ab382253d86a - < adac90bb1aaf45ca66f9db8ac100be16750ace78 |
| Linux | Linux | affected | +14 more git commit ranges |
| Linux | Linux | affected | 5.9 |
| Linux | Linux | unaffected | 0 - < 5.9 |
| Linux | Linux | unaffected | 5.4.300 - <= 5.4.* |
| Linux | Linux | unaffected | 5.10.245 - <= 5.10.* |
| Linux | Linux | unaffected | 5.15.194 - <= 5.15.* |
| Linux | Linux | unaffected | +5 more version ranges |