CVE-2025-38312 in Linuxinfo

Summary

by MITRE • 07/10/2025

In the Linux kernel, the following vulnerability has been resolved:

fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()

In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(), where it's used as a divider -- division by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to avoid such overflow...

Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 12/19/2025

The vulnerability identified as CVE-2025-38312 resides within the Linux kernel's framebuffer device subsystem, specifically in the core fbdev functionality where the fbcvt module handles display mode calculations. This issue manifests as a potential denial of service condition that could lead to system instability through kernel oops events. The flaw occurs during the processing of framebuffer display modes where certain mathematical operations can result in division by zero conditions that crash the kernel execution. The vulnerability was discovered through static analysis using the Svace tool by the Linux Verification Center, highlighting the importance of automated security verification in kernel development environments.

The technical root cause of this vulnerability stems from an integer overflow condition that occurs in the fb_find_mode_cvt() function when processing display refresh rates. Specifically, when the mode->refresh parameter contains the value 0x80000000, which represents the maximum negative value for a 32-bit signed integer, the multiplication operation with 2 causes an arithmetic overflow that results in cvt.f_refresh becoming zero. This zero value is subsequently passed to the fb_cvt_hperiod() function where it serves as a divisor in mathematical calculations, creating a classic division by zero scenario that triggers kernel panic conditions. The vulnerability demonstrates poor input validation and lacks proper overflow protection mechanisms in the framebuffer mode calculation logic.

The operational impact of this vulnerability extends beyond simple denial of service as it represents a potential security escalation vector within the kernel space. When exploited, the division by zero condition causes the kernel to generate a kernel oops event, which typically results in system crash or reboot. This behavior can be particularly problematic in embedded systems or server environments where uninterrupted operation is critical. The vulnerability affects systems using the framebuffer subsystem for display output, including embedded devices, headless servers with framebuffer interfaces, and any Linux system utilizing the fbdev framework for graphics mode management. The attack surface is limited to kernel-level operations but can affect system availability and potentially provide an entry point for further exploitation attempts.

Mitigation strategies for this vulnerability should focus on implementing proper input validation and overflow protection mechanisms within the framebuffer subsystem. The recommended fix involves adding a sanity check for cvt.f_refresh values to prevent the arithmetic overflow condition that leads to zero values being passed to division operations. This approach aligns with security best practices for kernel development and follows the principle of least privilege by ensuring all inputs are properly validated before processing. System administrators should prioritize applying kernel updates that contain the patched fbdev implementation, while security teams should monitor for potential exploitation attempts targeting this specific kernel subsystem. The fix should be implemented in accordance with CWE-369 (Division by Zero) and ATT&CK techniques related to privilege escalation and system stability compromise, ensuring that similar vulnerabilities are prevented through comprehensive input validation mechanisms throughout the kernel codebase.

Responsible

Linux

Reservation

04/16/2025

Disclosure

07/10/2025

Moderation

accepted

CPE

ready

EPSS

0.00150

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!