CVE-2025-38702

HIGHNVD 7.87.8—

7.8

In the Linux kernel, the following vulnerability has been resolved:

fbdev: fix potential buffer overflow in do_register_framebuffer()

The current implementation may lead to buffer overflow when:

Unregistration creates NULL gaps in registered_fb[]
All array slots become occupied despite num_registered_fb < FB_MAX
The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

CVSS v3: 7.8
EG Score: 7.8(medium)
EPSS: 7.1%
KEV: Not listed

Published

September 4, 2025

Last Modified

May 12, 2026

References (9)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
0b142b55-0307-4c5a-b3c9-f314f3fb7c5ehttps://cert-portal.siemens.com/productcert/html/ssa-032379.html
0b142b55-0307-4c5a-b3c9-f314f3fb7c5ehttps://cert-portal.siemens.com/productcert/html/ssa-082556.html

Vendor Advisories for CVE-2025-38702(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

CVE-2025-38702
Microsoft Security Response Center (MSRC)High
fbdev: fix potential buffer overflow in do_register_framebuffer()

Patch Availability(16)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
ubuntu	linux-virtual-6.8 (6.8.0-100.100) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-realtime-hwe-22.04 (6.8.1-1041.42~22.04.1) @ jammy	2026-05-21	ubuntu
ubuntu	linux-tools-gcp-edge (6.8.0-1047.50~22.04.2) @ jammy	2026-05-21	ubuntu
ubuntu	linux-tools-realtime-6.8.1 (6.8.1-1041.42) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-fips-6.8 (6.8.0-100.100+fips1) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-oracle-lts-24.04 (6.8.0-1043.44) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-gcp-fips-6.8 (6.8.0-1047.50+fips1) @ noble	2026-05-21	ubuntu
ubuntu	linux-virtual-hwe-22.04-edge (6.8.0-100.100~22.04.1) @ jammy	2026-05-21	ubuntu
ubuntu	linux-tools-gke-64k-6.8 (6.8.0-1043.48) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-lowlatency-hwe-20.04-edge (6.8.0-100.100.1) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-nvidia-lowlatency-64k-6.8 (6.8.0-1046.49.1) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-ibm-lts-24.04 (6.8.0-1044.44) @ noble	2026-05-21	ubuntu
ubuntu	linux-xilinx-zynqmp (6.8.0.1023.24) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-azure-fips-6.8 (6.8.0-1046.52+fips1) @ noble	2026-05-21	ubuntu
ubuntu	linux-tools-azure-edge (6.8.0-1051.57~22.04.1) @ jammy	2026-05-21	ubuntu
ubuntu	linux-tools-azure-lts-24.04 (6.8.0-1046.52) @ noble	2026-05-21	ubuntu

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-787Out-of-bounds Write

Additional Vendor Advisories

(16)

Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.

Data Freshness Timeline

(refreshed 8× in last 7d / 59× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

2026-06-16 17:52 UTCEPSS rescore
2026-06-16 17:52 UTCEPSS rescore
2026-06-14 23:17 UTCEPSS rescore
2026-06-13 23:00 UTCEPSS rescore
2026-06-12 23:11 UTCEPSS rescore
2026-06-11 14:00 UTCEPSS rescore
2026-06-10 22:18 UTCEPSS rescore
2026-06-10 13:22 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-07 15:24 UTCEPSS rescore
2026-06-06 13:47 UTCEPSS rescore
2026-06-06 13:47 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-04 13:12 UTCEPSS rescore
2026-06-04 13:12 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-02 17:02 UTCOSV refresh
2026-06-01 13:51 UTCEPSS rescore
2026-06-01 13:51 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 00:16 UTCEPSS rescore
2026-05-29 13:44 UTCEPSS rescore

Show 34 more

2026-05-28 13:44 UTCEPSS rescore
2026-05-28 13:44 UTCEPSS rescore
2026-05-28 13:44 UTCEPSS rescore
2026-05-28 13:44 UTCEPSS rescore
2026-05-27 13:40 UTCEPSS rescore
2026-05-27 13:40 UTCEPSS rescore
2026-05-27 13:40 UTCEPSS rescore
2026-05-27 13:40 UTCEPSS rescore
2026-05-26 13:43 UTCEPSS rescore
2026-05-26 13:43 UTCEPSS rescore
2026-05-26 13:43 UTCEPSS rescore
2026-05-26 13:43 UTCEPSS rescore
2026-05-26 07:18 UTCEPSS rescore
2026-05-26 07:18 UTCEPSS rescore
2026-05-26 07:18 UTCEPSS rescore
2026-05-26 07:18 UTCEPSS rescore
2026-05-24 16:57 UTCEPSS rescore
2026-05-22 21:16 UTCEPSS rescore
2026-05-22 21:16 UTCEPSS rescore
2026-05-22 21:16 UTCEPSS rescore
2026-05-22 21:16 UTCEPSS rescore
2026-05-21 08:43 UTCEG score recompute
2026-05-21 08:43 UTCVendor advisory
2026-05-21 08:43 UTCGHSA enrichment
2026-05-20 22:37 UTCEPSS rescore
2026-05-20 22:37 UTCEPSS rescore
2026-05-20 22:37 UTCEPSS rescore
2026-05-20 22:37 UTCEPSS rescore
2026-05-20 22:37 UTCEPSS rescore
2026-05-20 11:21 UTCEPSS rescore
2026-05-20 11:21 UTCEPSS rescore
2026-05-20 11:21 UTCEPSS rescore
2026-05-20 11:21 UTCEPSS rescore
2026-05-18 21:31 UTCEPSS rescore

Frequently asked(5)

What is CVE-2025-38702?

CVE-2025-38702 is a high vulnerability published on September 4, 2025. In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in doregisterframebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite…

When was CVE-2025-38702 disclosed?

CVE-2025-38702 was first published in the National Vulnerability Database on September 4, 2025, with the most recent update on May 12, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2025-38702 actively exploited?

CVE-2025-38702 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 7.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2025-38702?

CVE-2025-38702 has a CVSS v3 base score of 7.8 (NVD).

How do I remediate CVE-2025-38702?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2025-38702, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2025-38702

Explore →

Is Your Infrastructure Affected by CVE-2025-38702?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2025-38702

Published

Last Modified

References (9)

Vendor Advisories for CVE-2025-38702(1)

Patch Availability(16)

Weakness Classification(1)

Additional Vendor Advisories

Data Freshness Timeline

Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2025-38702?

Same vendor

Same CWE

CVE-2025-38702

📅 Published

🔄 Last Modified

🔗 References (9)

📣 Vendor Advisories for CVE-2025-38702(1)

Patch Availability(16)

Weakness Classification(1)

Additional Vendor Advisories

Data Freshness Timeline

❓ Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2025-38702?

🔗 Related CVEs(same vendor + same CWE)

Same vendor

Same CWE

Published

Last Modified

References (9)

Vendor Advisories for CVE-2025-38702(1)

Frequently asked(5)

Related CVEs(same vendor + same CWE)