ghsa-9vff-p882-x7qp
Vulnerability from github
Published
2025-04-01 18:30
Modified
2025-04-01 18:30
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: hyperv_fb: Allow graceful removal of framebuffer

When a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the following WARN and hence this framebuffer is never released.

[ 44.111220] WARNING: CPU: 35 PID: 1882 at drivers/video/fbdev/core/fb_info.c:70 framebuffer_release+0x2c/0x40 < snip > [ 44.111289] Call Trace: [ 44.111290] [ 44.111291] ? show_regs+0x6c/0x80 [ 44.111295] ? __warn+0x8d/0x150 [ 44.111298] ? framebuffer_release+0x2c/0x40 [ 44.111300] ? report_bug+0x182/0x1b0 [ 44.111303] ? handle_bug+0x6e/0xb0 [ 44.111306] ? exc_invalid_op+0x18/0x80 [ 44.111308] ? asm_exc_invalid_op+0x1b/0x20 [ 44.111311] ? framebuffer_release+0x2c/0x40 [ 44.111313] ? hvfb_remove+0x86/0xa0 [hyperv_fb] [ 44.111315] vmbus_remove+0x24/0x40 [hv_vmbus] [ 44.111323] device_remove+0x40/0x80 [ 44.111325] device_release_driver_internal+0x20b/0x270 [ 44.111327] ? bus_find_device+0xb3/0xf0

Fix this by moving the release of framebuffer and assosiated memory to fb_ops.fb_destroy function, so that framebuffer framework handles it gracefully.

While we fix this, also replace manual registrations/unregistration of framebuffer with devm_register_framebuffer.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-21976"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T16:15:28Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: hyperv_fb: Allow graceful removal of framebuffer\n\nWhen a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to\nrelease the framebuffer forcefully. If this framebuffer is in use it\nproduce the following WARN and hence this framebuffer is never released.\n\n[   44.111220] WARNING: CPU: 35 PID: 1882 at drivers/video/fbdev/core/fb_info.c:70 framebuffer_release+0x2c/0x40\n\u003c snip \u003e\n[   44.111289] Call Trace:\n[   44.111290]  \u003cTASK\u003e\n[   44.111291]  ? show_regs+0x6c/0x80\n[   44.111295]  ? __warn+0x8d/0x150\n[   44.111298]  ? framebuffer_release+0x2c/0x40\n[   44.111300]  ? report_bug+0x182/0x1b0\n[   44.111303]  ? handle_bug+0x6e/0xb0\n[   44.111306]  ? exc_invalid_op+0x18/0x80\n[   44.111308]  ? asm_exc_invalid_op+0x1b/0x20\n[   44.111311]  ? framebuffer_release+0x2c/0x40\n[   44.111313]  ? hvfb_remove+0x86/0xa0 [hyperv_fb]\n[   44.111315]  vmbus_remove+0x24/0x40 [hv_vmbus]\n[   44.111323]  device_remove+0x40/0x80\n[   44.111325]  device_release_driver_internal+0x20b/0x270\n[   44.111327]  ? bus_find_device+0xb3/0xf0\n\nFix this by moving the release of framebuffer and assosiated memory\nto fb_ops.fb_destroy function, so that framebuffer framework handles\nit gracefully.\n\nWhile we fix this, also replace manual registrations/unregistration of\nframebuffer with devm_register_framebuffer.",
  "id": "GHSA-9vff-p882-x7qp",
  "modified": "2025-04-01T18:30:54Z",
  "published": "2025-04-01T18:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21976"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4545e2aa121aea304d33903099c03e29ed4fe50a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7b583dc99c6cf4a96877017be1d08247e1ef2c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea2f45ab0e53b255f72c85ccd99e2b394fc5fceb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.