Security Advisory

CVE-2025-38630

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-22 16:00:38
Last updated 2026-05-11 21:31:56
Assigner Linux
State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var").