Primary

Context

Linux Kernel Video Subsystem Denial-of-Service Vulnerability via Improper Screen Size Validation

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the Linux kernel's video subsystem, specifically within the framebuffer device (fbdev) for the VT8623FB. The issue arises in the function 'vt8623fb_set_par()', where the 'screen_size' value is derived from user input. If an incorrect value is provided, 'screen_size' may exceed 'info->screen_size', leading to a page fault error. This flaw allows for supervisor write access in kernel mode, causing a crash by attempting to write to a non-present page.

Impact

Exploitation of this vulnerability leads to a kernel crash, causing a denial-of-service condition by interrupting normal system operations.

Added: Jun 18, 2025, 5:19 PM

Updated: Jun 18, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Video Subsystem Denial-of-Service Vulnerability via Improper Screen Size Validation

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating