CVE-2025-38198

7.8 HIGH

📋 TL;DR

This CVE describes an array index out-of-bounds vulnerability in the Linux kernel's fbcon (framebuffer console) subsystem. When writing to the 'store_modes' sysfs node on an unregistered console, the kernel can access invalid memory, potentially leading to kernel panic or local privilege escalation. This affects Linux systems with framebuffer console enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but vulnerability exists in code before the fix commits listed in references.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires framebuffer console (fbcon) subsystem to be enabled and accessible via sysfs.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic causing system crash, or local privilege escalation allowing attackers to gain root access and execute arbitrary code.

🟠 Likely Case: Kernel panic leading to denial of service, requiring system reboot to restore functionality.

🟢 If Mitigated: System remains stable with proper access controls preventing unauthorized users from writing to sysfs nodes.

🌐 Internet-Facing: LOW - This requires local access to the system and ability to write to sysfs nodes.
🏢 Internal Only: MEDIUM - Malicious local users or compromised accounts could exploit this to crash systems or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to write to /sys/class/graphics/fb*/store_modes. The vulnerability was discovered through UBSAN (Undefined Behavior Sanitizer) testing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 519ba75728ee8cd561dce25fc52a2ec5c47171dc, 54b28f7c567dd659e5f9562f518e4d7f3f6a367b, b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b, cedc1b63394a866bf8663a3e40f4546f1d28c8d8, f28f1f578cd810779d01999c60618cda14c281fd

Vendor Advisory: https://git.kernel.org/stable/c/519ba75728ee8cd561dce25fc52a2ec5c47171dc

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Restrict sysfs access

Prevent unauthorized users from writing to fbcon sysfs nodes

chmod 644 /sys/class/graphics/fb*/store_modes
chown root:root /sys/class/graphics/fb*/store_modes

Disable framebuffer console

Remove fbcon module if not needed

rmmod fbcon
echo 'blacklist fbcon' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Implement strict access controls on /sys/class/graphics/fb* directories
  • Monitor for unauthorized access attempts to sysfs fbcon nodes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if fbcon module is loaded: lsmod | grep fbcon

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains fix commits: uname -r and check with distribution vendor

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • UBSAN array-index-out-of-bounds errors in kernel logs
  • Access denied errors for /sys/class/graphics/fb*/store_modes

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("array-index-out-of-bounds" OR "fbcon" OR "UBSAN")
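
The query above matches any kernel line that mentions "fbcon" or "UBSAN", which is noisy. The following shell function is an added example, not part of the original advisory or of any kernel tooling: it alerts only on UBSAN array-index-out-of-bounds reports whose source location is in fbcon.c and pairs each with its index line. The log lines are constructed samples, and the names sample_log and detect_fbcon_oob are hypothetical.

```shell
#!/bin/sh
# Added example: correlate UBSAN array-index-out-of-bounds reports with fbcon.c.
# Assumption: UBSAN prints a header line with the source location, followed by
# an "index N is out of range for type ..." line.

# Constructed sample kernel log lines (not captured from a real system;
# timestamps, line numbers and the second driver path are made up).
sample_log() {
cat <<'EOF'
[   12.001] fbcon: Taking over console
[  311.402] UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:100:20
[  311.403] index -1 is out of range for type 'fb_info *[32]'
[  311.404] CPU: 2 PID: 4242 Comm: sh Not tainted
[  500.100] UBSAN: array-index-out-of-bounds in drivers/net/example.c:10:5
[  500.101] index 9 is out of range for type 'int [8]'
[  600.000] UBSAN: shift-out-of-bounds in drivers/video/fbdev/core/fbcon.c:200:10
EOF
}

# Reads kernel log text on stdin, prints one ALERT line per matching report,
# and returns 0 if at least one report matched, 1 otherwise.
detect_fbcon_oob() {
  awk '
    # Every UBSAN header starts a new report. Keep its location only when
    # it is an array-index-out-of-bounds report located in fbcon.c.
    /UBSAN: / {
      pending = ""
      if ($0 ~ /UBSAN: array-index-out-of-bounds in .*\/fbcon\.c:[0-9]+/) {
        loc = $0
        sub(/^.*UBSAN: array-index-out-of-bounds in /, "", loc)
        pending = loc
      }
      next
    }
    # The index line completes a pending fbcon report.
    pending != "" && /index -?[0-9]+ is out of range/ {
      idx = $0
      sub(/^.*index /, "", idx)
      sub(/ is out of range.*$/, "", idx)
      printf "ALERT fbcon-oob location=%s index=%s\n", pending, idx
      hits++
      pending = ""
    }
    END { exit (hits > 0 ? 0 : 1) }
  '
}

# Stand-alone run over the constructed sample.
sample_log | detect_fbcon_oob || true
```

On a live host the same function can be fed from `dmesg` or `journalctl -k`; the non-zero exit status when nothing matches makes it usable in a scheduled check.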

🔗 References
