Primary

Context

Linux Kernel Video Aperture PCI Device Unregistration Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's video aperture handling has been addressed. The issue arose because the function 'aperture_remove_conflicting_pci_devices()' did not call 'sysfb_disable()' before removing PCI devices. As a result, the 'simpledrm' driver could still attach to 'simple-framebuffer' devices after the corresponding hardware driver had taken control, leading to conflicts and undefined behavior. This vulnerability was introduced in version 6.0.3 and does not exist in the mainline branch.

Impact

Exploitation of this vulnerability could cause conflicts between the 'simpledrm' and hardware drivers, leading to undefined behavior and reported modesetting errors.

Added: Sep 15, 2025, 6:22 PM

Updated: Sep 15, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Video Aperture PCI Device Unregistration Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating