CVE-2025-38427
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38427
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38427.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38427
- Downstream
- Related
- Published
- 2025-07-25T14:16:47Z
- Modified
- 2025-10-22T14:06:04.991392Z
- Summary
- video: screen_info: Relocate framebuffers behind PCI bridges
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
video: screen_info: Relocate framebuffers behind PCI bridges
Apply PCI host-bridge window offsets to screen_info framebuffers. Fixes invalid access to I/O memory.
Resources behind a PCI host bridge can be relocated by a certain offset in the kernel's CPU address range used for I/O. The framebuffer memory range stored in screeninfo refers to the CPU addresses as seen during boot (where the offset is 0). During boot up, firmware may assign a different memory offset to the PCI host bridge and thereby relocating the framebuffer address of the PCI graphics device as seen by the kernel. The information in screeninfo must be updated as well.
The helper pcibiosbustoresource() performs the relocation of the screeninfo's framebuffer resource (given in PCI bus addresses). The result matches the I/O-memory resource of the PCI graphics device (given in CPU addresses). As before, we store away the information necessary to later update the information in screen_info itself.
Commit 78aa89d1dfba ("firmware/sysfb: Update screeninfo for relocated EFI framebuffers") added the code for updating screeninfo. It is based on similar functionality that pre-existed in efifb. Efifb uses a pointer to the PCI resource, while the newer code does a memcpy of the region. Hence efifb sees any updates to the PCI resource and avoids the issue.
v3: - Only use struct pcibusregion for PCI bus addresses (Bjorn) - Clarify address semantics in commit messages and comments (Bjorn) v2: - Fixed tags (Takashi, Ivan) - Updated information on efifb
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2f29b5c231011b94007d2c8a6d793992f2275db1
- https://git.kernel.org/stable/c/5c70e3ad85d2890d8af375333699429de26327f2
- https://git.kernel.org/stable/c/aeda386d86d79269a08f470dbdc53d13a91e51fa
- https://git.kernel.org/stable/c/cc3cc41ed67054a03134bea42408c720eec0fa04
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda168da3182f8727b338509cb413147aa29012d6fFixedcc3cc41ed67054a03134bea42408c720eec0fa04
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced78aa89d1dfba1e3cf4a2e053afa3b4c4ec622371Fixed5c70e3ad85d2890d8af375333699429de26327f2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced78aa89d1dfba1e3cf4a2e053afa3b4c4ec622371Fixedaeda386d86d79269a08f470dbdc53d13a91e51fa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced78aa89d1dfba1e3cf4a2e053afa3b4c4ec622371Fixed2f29b5c231011b94007d2c8a6d793992f2275db1
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.8
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-38427-25bac4c9",
"target": {
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"line_hashes": [
"209423024373348336044342477024800219359",
"301869058429737134122505037666388734731",
"264298573563593476999393870682881093032",
"66754265696105115265458012731005170394",
"58457591881059636391191885712121373679",
"196132968001939214592344075244711552399",
"271110265710338088854606467306013717747",
"225935848358765705070697095419233332085",
"323698565078876624644089520467377983635",
"21665005991061298895703013499825611742",
"41165538862793975684176508311673590306",
"230013420770701495835046690440597566180",
"197736840289771276969095543321445397588",
"54416239301551678543937772695373827613",
"90396561778156322682144827698103849132",
"142998433701376460715618777731786552138",
"318230514323734043839662626749089467501",
"255129322158211447263494495106927369286",
"185640031316524854956690439397317968394",
"23465903733604500097561547279361113630",
"37074175283642005839790667506076733163",
"197203268352323309391529307969130956418",
"10795140107739866130617298102952379741",
"186017904642002639620490669046143072139",
"124451130748563545215511542238099099685",
"6875883341424299886108660102534068284",
"180975736698737556599202201964502420854",
"155604907159969682662090206478038749200",
"110006919746560277651198892123925991763",
"249505042553864122600262785179898971434",
"212684482625371456566896113887920311724",
"29635621169672148452796736769717369352",
"170734063876513308684941613622501877226",
"24607723907086914158463960945398745171",
"230050161451653922646586887610862197935",
"168221958489784989786178836343259627949",
"288604938415515563610882866243152267680",
"267306799620965281037447202510639354533",
"155252128499698959470808680944070451132",
"55043057571002781011286204803116887540",
"193263791361409152072846800804479799560"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f29b5c231011b94007d2c8a6d793992f2275db1"
},
{
"id": "CVE-2025-38427-2bc4914a",
"target": {
"function": "screen_info_fixup_lfb",
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"length": 770.0,
"function_hash": "316625198336027777849476037174655781671"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeda386d86d79269a08f470dbdc53d13a91e51fa"
},
{
"id": "CVE-2025-38427-320bec37",
"target": {
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"line_hashes": [
"209423024373348336044342477024800219359",
"301869058429737134122505037666388734731",
"264298573563593476999393870682881093032",
"66754265696105115265458012731005170394",
"58457591881059636391191885712121373679",
"196132968001939214592344075244711552399",
"271110265710338088854606467306013717747",
"225935848358765705070697095419233332085",
"323698565078876624644089520467377983635",
"21665005991061298895703013499825611742",
"41165538862793975684176508311673590306",
"230013420770701495835046690440597566180",
"197736840289771276969095543321445397588",
"54416239301551678543937772695373827613",
"90396561778156322682144827698103849132",
"142998433701376460715618777731786552138",
"318230514323734043839662626749089467501",
"255129322158211447263494495106927369286",
"185640031316524854956690439397317968394",
"23465903733604500097561547279361113630",
"37074175283642005839790667506076733163",
"197203268352323309391529307969130956418",
"10795140107739866130617298102952379741",
"186017904642002639620490669046143072139",
"124451130748563545215511542238099099685",
"6875883341424299886108660102534068284",
"180975736698737556599202201964502420854",
"155604907159969682662090206478038749200",
"110006919746560277651198892123925991763",
"249505042553864122600262785179898971434",
"212684482625371456566896113887920311724",
"29635621169672148452796736769717369352",
"170734063876513308684941613622501877226",
"24607723907086914158463960945398745171",
"230050161451653922646586887610862197935",
"168221958489784989786178836343259627949",
"288604938415515563610882866243152267680",
"267306799620965281037447202510639354533",
"155252128499698959470808680944070451132",
"55043057571002781011286204803116887540",
"193263791361409152072846800804479799560"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeda386d86d79269a08f470dbdc53d13a91e51fa"
},
{
"id": "CVE-2025-38427-4daee552",
"target": {
"function": "screen_info_apply_fixups",
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"length": 504.0,
"function_hash": "165004122876311156173123525858922118655"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc3cc41ed67054a03134bea42408c720eec0fa04"
},
{
"id": "CVE-2025-38427-7d5c0bc3",
"target": {
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"line_hashes": [
"209423024373348336044342477024800219359",
"301869058429737134122505037666388734731",
"264298573563593476999393870682881093032",
"66754265696105115265458012731005170394",
"58457591881059636391191885712121373679",
"196132968001939214592344075244711552399",
"271110265710338088854606467306013717747",
"225935848358765705070697095419233332085",
"323698565078876624644089520467377983635",
"21665005991061298895703013499825611742",
"41165538862793975684176508311673590306",
"230013420770701495835046690440597566180",
"197736840289771276969095543321445397588",
"54416239301551678543937772695373827613",
"90396561778156322682144827698103849132",
"142998433701376460715618777731786552138",
"318230514323734043839662626749089467501",
"255129322158211447263494495106927369286",
"185640031316524854956690439397317968394",
"23465903733604500097561547279361113630",
"37074175283642005839790667506076733163",
"197203268352323309391529307969130956418",
"10795140107739866130617298102952379741",
"186017904642002639620490669046143072139",
"124451130748563545215511542238099099685",
"6875883341424299886108660102534068284",
"180975736698737556599202201964502420854",
"155604907159969682662090206478038749200",
"110006919746560277651198892123925991763",
"249505042553864122600262785179898971434",
"212684482625371456566896113887920311724",
"29635621169672148452796736769717369352",
"170734063876513308684941613622501877226",
"24607723907086914158463960945398745171",
"230050161451653922646586887610862197935",
"168221958489784989786178836343259627949",
"288604938415515563610882866243152267680",
"267306799620965281037447202510639354533",
"155252128499698959470808680944070451132",
"55043057571002781011286204803116887540",
"193263791361409152072846800804479799560"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc3cc41ed67054a03134bea42408c720eec0fa04"
},
{
"id": "CVE-2025-38427-a86235b1",
"target": {
"function": "screen_info_apply_fixups",
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"length": 504.0,
"function_hash": "165004122876311156173123525858922118655"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f29b5c231011b94007d2c8a6d793992f2275db1"
},
{
"id": "CVE-2025-38427-a9d931f9",
"target": {
"function": "screen_info_fixup_lfb",
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"length": 770.0,
"function_hash": "316625198336027777849476037174655781671"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc3cc41ed67054a03134bea42408c720eec0fa04"
},
{
"id": "CVE-2025-38427-e9a0f436",
"target": {
"function": "screen_info_fixup_lfb",
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"length": 770.0,
"function_hash": "316625198336027777849476037174655781671"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f29b5c231011b94007d2c8a6d793992f2275db1"
},
{
"id": "CVE-2025-38427-f34b689e",
"target": {
"function": "screen_info_apply_fixups",
"file": "drivers/video/screen_info_pci.c"
},
"digest": {
"length": 504.0,
"function_hash": "165004122876311156173123525858922118655"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeda386d86d79269a08f470dbdc53d13a91e51fa"
}
]