144 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released. Recently, we discovered the following issue through syzkaller: BUG: KASAN: Slab-use-after-free in fbmodeisequal+0x285/0x2f0 A read of size 4 at address ff11000001b3c69...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: In the bitPutcs function, the bound-check glyph index was derived from the character value masked by 0xff or 0x1ff. This may lead to reading beyond the end of the built-in font array, exceeding the actual number o...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: fbdev: vt8500lcdfb: fixed the issue where dmafreecoherent was not called when memory was allocated for fbi-fb.screenbuffer using dmaalloccoherent...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fbdev: In of: displaytiming, there is a fix for the refcount leak in ofgetdisplaytimings. The function ofparsephandle returns a devicenode with the refcount incremented. This value is stored in ‘entry’ and then copied to...
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
...
CVE-2026-46065
A flaw was found in the Linux kernel's framebuffer device fbdev deferred I/O defio mechanism. A local user with an active mapping of graphics memory could trigger a device hot-unplug, leading to the system accessing undefined memory. This can result in system instability or a crash, causing a...
UBUNTU-CVE-2026-46065
In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...
CVE-2026-46065
In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...
CVE-2026-46065
In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...
CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...
CVE-2026-46065
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo...
PT-2026-43932
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the fbdev: defio component where deferred I/O was tied to the lifetime of struct fb info. This created a condition where a device hot-unplug could occur while user space...
PT-2026-43821
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the au1200fb drv probe function within the fbdev au1200fb component. The issue is triggered when the platform get irq function fails, causing the system to return...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero errors In dofbioctl of fbmem.c, if cmd is FBIOPUTVSCREENINFO, var will be copied from the user. Then, the functions fbsetvar and info-fbops-fbcheckvar will be called, which might...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fixed strbuf array overflow issue. The values of the variables xres and yres are stored in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters, and a space if the array...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915: Fixed the system suspension without fbdev being initialized. If fbdev is not initialized for some reason—in practice on platforms without a display—suspending fbdev should be skipped during system suspension. This...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/client: Fixed a memory leak in drmclienttargetcloned. The dmtmode variable is allocated but never freed within this function. This issue was discovered with the ast driver, but most drivers that use the generic fbdevsetup...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/fb-helper: Fixed out-of-bounds access issues The memory range was clipped to the size of the screen buffer to avoid out-of-bounds access during the damage handling in fbdev’s deferred I/O operations. fbdev’s deferred I/O c...
CVE-2026-43264
In the Linux kernel, the following vulnerability has been resolved: fbdev: of: displaytiming: fix refcount leak in ofgetdisplaytimings ofparsephandle returns a devicenode with refcount incremented, which is stored in 'entry' and then copied to 'nativemode'. When the error paths at lines 184 or 19...
CVE-2026-43202 fbdev: vt8500lcdfb: fix missing dma_free_coherent()
In the Linux kernel, the following vulnerability has been resolved: fbdev: vt8500lcdfb: fix missing dmafreecoherent fbi-fb.screenbuffer is allocated with dmaalloccoherent but is not freed if the error path is reached...