{"id":"CVE-2025-38630","summary":"fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref\n\nfb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot\nallocate a struct fb_modelist.  If that happens, the modelist stays empty but\nthe driver continues to register.  Add a check for its return value to prevent\npoteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 (\"fbdev:\nFix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\").","modified":"2026-05-18T05:58:07.147676951Z","published":"2025-08-22T16:00:38.678Z","related":["SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38630.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/40f0a51f6c54d46a94b9f1180339ede7ca7ee190"},{"type":"WEB","url":"https://git.kernel.org/stable/c/49377bac9e3bec1635065a033c9679214fe7593e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b5d36cc3014986e6fac12eaa8433fe56801d4ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69373502c2b5d364842c702c941d1171e4f35a7c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac16154cccda8be10ee3ae188f10a06f3890bc5d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cca8f5a3991916729b39d797d01499c335137319"},{"type":"WEB","url":"https://git.kernel.org/stable/c/da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f00c29e6755ead56baf2a9c1d3c4c0bb40af3612"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f060441c153495750804133555cf0a211a856892"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38630.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38630"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c"},{"fixed":"69373502c2b5d364842c702c941d1171e4f35a7c"},{"fixed":"f00c29e6755ead56baf2a9c1d3c4c0bb40af3612"},{"fixed":"cca8f5a3991916729b39d797d01499c335137319"},{"fixed":"ac16154cccda8be10ee3ae188f10a06f3890bc5d"},{"fixed":"4b5d36cc3014986e6fac12eaa8433fe56801d4ce"},{"fixed":"40f0a51f6c54d46a94b9f1180339ede7ca7ee190"},{"fixed":"49377bac9e3bec1635065a033c9679214fe7593e"},{"fixed":"f060441c153495750804133555cf0a211a856892"},{"fixed":"da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38630.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.11.0"},{"fixed":"5.4.297"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.241"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.190"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.148"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.102"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.42"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.15.10"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.16.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38630.json"}}],"schema_version":"1.7.5"}