CVE-2025-23159
Published: May 3, 2025Last modified: May 3, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.140-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/1b8fb257234e7d2d4b3f48af07c5aa5e11c71634
- https://git.kernel.org/stable/c/4dd109038d513b92d4d33524ffc89ba32e02ba48
- https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4
- https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4
- https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750
- https://git.kernel.org/stable/c/8879397c0da5e5ec1515262995e82cdfd61b282a
- https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4
- https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0
- https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html