CVE-2025-23158 in Linuxinformazioni

Riassunto

di MITRE • 01/05/2025

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi: add check to handle incorrect queue size

qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be bigger than the space actually available. Since new_wr_idx is not checked, so the following code will result in an OOB write. ... qsize = qhdr->q_size

if (wr_idx >= rd_idx) empty_space = qsize - (wr_idx - rd_idx) .... if (new_wr_idx < qsize) {
memcpy(wr_ptr, packet, dwords << 2) --> OOB write

Add check to ensure qsize is within the allocated size while reading and writing packets into the queue.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

Linux

Prenotare

11/01/2025

Divulgazione

01/05/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00185

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!