{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T06:22:17.478","vulnerabilities":[{"cve":{"id":"CVE-2025-38427","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-25T15:15:27.623","lastModified":"2025-11-19T18:59:50.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel's CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info's framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: screen_info: Reubicar framebuffers detrás de puentes PCI. Aplicar desplazamientos de ventana del puente host PCI a los framebuffers de screen_info. Corrige el acceso no válido a la memoria de E/S. Los recursos detrás de un puente host PCI se pueden reubicar mediante un desplazamiento determinado en el rango de direcciones de CPU del kernel utilizado para E/S. El rango de memoria del framebuffer almacenado en screen_info se refiere a las direcciones de CPU tal como se ven durante el arranque (donde el desplazamiento es 0). Durante el arranque, el firmware puede asignar un desplazamiento de memoria diferente al puente host PCI y, por lo tanto, reubicar la dirección del framebuffer del dispositivo gráfico PCI tal como lo ve el kernel. La información en screen_info también debe actualizarse. El asistente pcibios_bus_to_resource() realiza la reubicación del recurso framebuffer de screen_info (indicado en direcciones de bus PCI). El resultado coincide con el recurso de memoria de E/S del dispositivo gráfico PCI (indicado en direcciones de CPU). Como antes, almacenamos la información necesaria para actualizarla posteriormente en screen_info. El commit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated EFI framebuffers\" agregó el código para actualizar screen_info. Se basa en una funcionalidad similar a la que ya existía en efifb. Efifb usa un puntero al recurso PCI, mientras que el código más reciente realiza un memcpy de la región. Por lo tanto, efifb detecta cualquier actualización del recurso PCI y evita el problema. v3: - Usar struct pci_bus_region solo para direcciones de bus PCI (Bjorn) - Aclarar la semántica de las direcciones en los mensajes y comentarios de la confirmación (Bjorn) v2: - Etiquetas corregidas (Takashi, Ivan) - Información actualizada sobre efifb"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.45","versionEndExcluding":"6.6.95","matchCriteriaId":"420E8E58-A848-4DA3-8E0A-04C795EE80F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.35","matchCriteriaId":"B4D83789-E054-44F6-92F6-ABE7750DE9A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.4","matchCriteriaId":"DFD174C5-1AA2-4671-BDDC-1A9FCC753655"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2f29b5c231011b94007d2c8a6d793992f2275db1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5c70e3ad85d2890d8af375333699429de26327f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aeda386d86d79269a08f470dbdc53d13a91e51fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc3cc41ed67054a03134bea42408c720eec0fa04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}