vulnerability

Ubuntu: (CVE-2025-39967): linux vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Oct 15, 2025	Oct 30, 2025	Nov 4, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Oct 15, 2025

Added

Oct 30, 2025

Modified

Nov 4, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount multiplication with user-controlled values that can overflow. 2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow 3. This results in smaller allocations than expected, leading to buffer overflows during font data copying. Add explicit overflow checking using check_mul_overflow() and check_add_overflow() kernel helpers to safety validate all size calculations before allocation.

Solutions

ubuntu-upgrade-linuxubuntu-upgrade-linux-awsubuntu-upgrade-linux-azureubuntu-upgrade-linux-gcpubuntu-upgrade-linux-oracleubuntu-upgrade-linux-raspiubuntu-upgrade-linux-realtimeubuntu-upgrade-linux-riscv

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today