{"id":"AZL-66857","summary":"CVE-2025-38702 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1.  Unregistration creates NULL gaps in registered_fb[]\n2.  All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3.  The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.","modified":"2026-04-01T05:21:04.476343Z","published":"2025-09-04T16:15:38Z","upstream":["CVE-2025-38702"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38702"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66857.json"}}],"schema_version":"1.7.5"}