Linux Kernel Null Pointer Dereference Vulnerability in Video Framebuffer Driver

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's video framebuffer device (fbdev) subsystem, specifically within the smscufx driver. The issue arises in the 'ufx_usb_probe' function, where the framebuffer color map allocation can fail. If this happens, the error handling routine attempts to destroy the framebuffer modelist, which has not been properly initialized, leading to a null pointer dereference.

Impact

Exploitation of this vulnerability causes a kernel panic due to a null pointer dereference, which can lead to a denial of service by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Null Pointer Dereference Vulnerability in Video Framebuffer Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating