Vulnerability Database

CVE-2025-39967

In the Linux kernel, the following vulnerability has been resolved:

fbcon: fix integer overflow in fbcon_do_set_font

Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters.

The vulnerabilities occur when:

  1. CALC_FONTSZ(h, pitch, charcount) performs h * pitch * charcount multiplication with user-controlled values that can overflow.
  2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow.
  3. This results in smaller allocations than expected, leading to buffer overflows during font data copying.

Add explicit overflow checking using check_mul_overflow() and check_add_overflow() kernel helpers to safely validate all size calculations before allocation.
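The size calculation described above, as an added userspace model (not the kernel patch or kernel code): it compares a wrapping 32-bit computation with a checked one. The GCC/Clang builtins `__builtin_mul_overflow` and `__builtin_add_overflow` stand in for the kernel helpers; the function names, the unsigned types, the sample inputs and the `FONT_EXTRA_WORDS` value of 5 are assumptions for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed value for this demo; the page names FONT_EXTRA_WORDS but not its value. */
#define FONT_EXTRA_WORDS 5u
#define EXTRA_BYTES (FONT_EXTRA_WORDS * (unsigned int)sizeof(int))

/* Unchecked model: 32-bit arithmetic wraps silently.
 * Unsigned types are used so the wraparound is defined behaviour in this demo. */
static unsigned int alloc_unchecked(unsigned int h, unsigned int pitch,
                                    unsigned int charcount)
{
    unsigned int size = h * pitch * charcount;   /* CALC_FONTSZ-style product */
    return EXTRA_BYTES + size;                   /* header words + font data */
}

/* Checked model: every step is validated; returns false instead of wrapping. */
static bool alloc_checked(unsigned int h, unsigned int pitch,
                          unsigned int charcount, unsigned int *alloc)
{
    unsigned int size;

    if (__builtin_mul_overflow(h, pitch, &size) ||
        __builtin_mul_overflow(size, charcount, &size))
        return false;
    return !__builtin_add_overflow(EXTRA_BYTES, size, alloc);
}

int main(void)
{
    /* Constructed inputs: a sane font, a wrapping product, a wrapping addition. */
    unsigned int cases[3][3] = {
        { 32, 4, 512 }, { 65536, 65536, 2 }, { 1, 1, UINT_MAX - 10 },
    };

    for (int i = 0; i < 3; i++) {
        unsigned int h = cases[i][0], p = cases[i][1], c = cases[i][2], alloc;
        unsigned long long need = (unsigned long long)h * p * c + EXTRA_BYTES;

        printf("needed=%llu unchecked=%u checked=%s\n", need,
               alloc_unchecked(h, p, c),
               alloc_checked(h, p, c, &alloc) ? "ok" : "rejected");
    }
    return 0;
}
```

In the two wrapping cases the unchecked result is far smaller than the bytes actually needed, which is the undersized allocation that item 3 describes; the checked version rejects both.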

  • Published: Oct 15, 2025
  • Updated: Feb 4, 2026
  • CVE: CVE-2025-39967
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software               From       Fixed in
linux / linux_kernel   4.4.235    4.5
linux / linux_kernel   4.9.235    4.10
linux / linux_kernel   4.14.196   4.15
linux / linux_kernel   4.19.143   4.20
linux / linux_kernel   5.4.62     5.4.300
linux / linux_kernel   5.8.6      5.9
linux / linux_kernel   5.9.1      5.10.245
linux / linux_kernel   5.11       5.15.194
linux / linux_kernel   5.16       6.1.155
linux / linux_kernel   6.2        6.6.109
linux / linux_kernel   6.7        6.12.50
linux / linux_kernel   6.13       6.16.10
linux / linux_kernel   5.9        5.9.x
linux / linux_kernel   5.9-rc3    5.9-rc3.x
linux / linux_kernel   5.9-rc4    5.9-rc4.x
linux / linux_kernel   5.9-rc5    5.9-rc5.x
linux / linux_kernel   5.9-rc6    5.9-rc6.x
linux / linux_kernel   5.9-rc7    5.9-rc7.x
linux / linux_kernel   5.9-rc8    5.9-rc8.x
linux / linux_kernel   6.17-rc1   6.17-rc1.x
linux / linux_kernel   6.17-rc2   6.17-rc2.x
linux / linux_kernel   6.17-rc3   6.17-rc3.x
linux / linux_kernel   6.17-rc4   6.17-rc4.x
linux / linux_kernel   6.17-rc5   6.17-rc5.x
linux / linux_kernel   6.17-rc6   6.17-rc6.x
linux / linux_kernel   6.17-rc7   6.17-rc7.x