CVE-2025-23159
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: venus: hfi: add a check to handle OOB in sfr region
sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 4dd109038d513b92d4d33524ffc89ba32e02ba48 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 8879397c0da5e5ec1515262995e82cdfd61b282a | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 1b8fb257234e7d2d4b3f48af07c5aa5e11c71634 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 4e95233af57715d81830fe82b408c633edff59f4 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 5af611c70fb889d46d2f654b8996746e59556750 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 530f623f56a6680792499a8404083e17f8ec51f4 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < a062d8de0be5525ec8c52f070acf7607ec8cbfe4 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < d78a8388a27b265fcb2b8d064f088168ac9356b0 | affected |
| Linux | Linux | d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < f4b211714bcc70effa60c34d9fa613d182e3ef1e | affected |
| Linux | Linux | 4.13 | affected |
| Linux | Linux | 0 < 4.13 | unaffected |
| Linux | Linux | 5.4.293 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.237 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.181 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.135 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.88 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.24 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.12 <= 6.13.* | unaffected |
| Linux | Linux | 6.14.3 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
References
- https://git.kernel.org/stable/c/4dd109038d513b92d4d33524ffc89ba32e02ba48
- https://git.kernel.org/stable/c/8879397c0da5e5ec1515262995e82cdfd61b282a
- https://git.kernel.org/stable/c/1b8fb257234e7d2d4b3f48af07c5aa5e11c71634
- https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4
- https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750
- https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4
- https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4
- https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0
- https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.