CVE-2025-71136

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()

It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays.

Fix that by checking return values where it's needed.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < f81ee181cb036d046340c213091b69d9a8701a76affected
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < f913b9a2ccd6114b206b9e91dae5e3dc13a415a0affected
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < d6a22a4a96e4dfe6897cb3532d2b3016d87706f0affected
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < a73881ae085db5702d8b13e2fc9f78d51c723d3faffected
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < 60dde0960e3ead8a9569f6c494d90d0232ac0983affected
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < b693d48a6ed0cd09171103ad418e4a693203d6e4affected
LinuxLinuxa89bcd4c6c2023615a89001b5a11b0bb77eb9491 < 8163419e3e05d71dcfa8fb49c8fdf8d76908fe51affected
LinuxLinux3.12affected
LinuxLinux0 < 3.12unaffected
LinuxLinux5.10.248 <= 5.10.*unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.64 <= 6.12.*unaffected
LinuxLinux6.18.4 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References