Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: fbdev: Added bounds checking in bitputcs to prevent out-of-bounds writes using vmalloc. Added bounds checking to prevent writes beyond the framebuffer boundaries when rendering text near the screen edges. Return early if the Y...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992735 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992315 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memsetio In the function s3fbsetpar, the valu...

CVE-2023-54116 drm/fbdev-generic: prohibit potential out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, wi...

DEBIAN-CVE-2022-50628

In the Linux kernel, the following vulnerability has been resolved: drm/gud: Fix UBSAN warning UBSAN complains about invalid value for bool: 101.165172 drm Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1 101.213360 gud 2-3.2:1.0: drm fb1: guddrmfb frame buffer device 101.213426 usbcore:...

CVE-2025-40322

In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bitputcs bitputcsaligned/unaligned derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the...

EUVD-2022-55063

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfbwrite When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfbwrite+0x454/0x5b...

EUVD-2004-0229

Malware in sbrugna...

PT-2025-41094

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's fbdev subsystem, specifically within the omapfb and lcd mipid components. An error handling path in the mipid spi probe function does not properly fre...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414450 advisory. The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfbread function. The vulnerability could result in local...

EUVD-2022-55363

Malicious code in bioql PyPI...

CVE-2023-53314

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev Do not assing the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixes a bu...

CVE-2023-53314

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev Do not assing the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixes a bu...

UBUNTU-CVE-2023-53314

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev Do not assing the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixes a bu...

CVE-2023-53314 fbdev/ep93xx-fb: Do not assign to struct fb_info.dev

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev Do not assing the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixes a bu...

CVE-2023-53314

CVE-2023-53314 affects the Linux kernel fbdev/ep93xx-fb driver. The vulnerability stems from assigning the Linux device to struct fb_info.dev; register_framebuffer() already initializes this field, and drivers must not override it. The bug could cause a leak by incorrectly decreasing the hardware...

staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()

...

fbdev: efifb: Register sysfs groups through driver core

...

fbdev: hyperv_fb: Allow graceful removal of framebuffer

...

CVE-2025-38630

In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref fbaddvideomode can fail with -ENOMEM when its internal kmalloc cannot allocate a struct fbmodelist. If that happens, the modelist stays empty but the driver continues t...