CVE-2025-39787
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients.
Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 1096eb63ecfc8df90b70cd068e6de0c2ff204dfd | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < e1720eb32acf411c328af6a8c8f556c94535808e | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 0d59ce2bfc3bb13abe6240335a1bf7b96536d022 | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 43d26997d88c4056fce0324e72f62556bc7e8e8d | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 981c845f29838e468a9bfa87f784307193a31297 | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 87bfabb3b2f46827639173f143aa43f7cfc0a7e6 | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 81278be4eb5f08ba2c68c3055893e61cc03727fe | affected |
| Linux | Linux | 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 9f9967fed9d066ed3dae9372b45ffa4f6fccfeef | affected |
| Linux | Linux | 4.11 | affected |
| Linux | Linux | 0 < 4.11 | unaffected |
| Linux | Linux | 5.4.297 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.241 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.190 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.149 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.103 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.44 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.4 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
References
- https://git.kernel.org/stable/c/1096eb63ecfc8df90b70cd068e6de0c2ff204dfd
- https://git.kernel.org/stable/c/e1720eb32acf411c328af6a8c8f556c94535808e
- https://git.kernel.org/stable/c/0d59ce2bfc3bb13abe6240335a1bf7b96536d022
- https://git.kernel.org/stable/c/43d26997d88c4056fce0324e72f62556bc7e8e8d
- https://git.kernel.org/stable/c/981c845f29838e468a9bfa87f784307193a31297
- https://git.kernel.org/stable/c/87bfabb3b2f46827639173f143aa43f7cfc0a7e6
- https://git.kernel.org/stable/c/81278be4eb5f08ba2c68c3055893e61cc03727fe
- https://git.kernel.org/stable/c/9f9967fed9d066ed3dae9372b45ffa4f6fccfeef
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.