CVE-2025-40114 in Linuxinformazioni

Riassunto

di MITRE • 18/04/2025

In the Linux kernel, the following vulnerability has been resolved:

iio: light: Add check for array bounds in veml6075_read_int_time_ms

The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue.

Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7)

This is hardening against potentially broken hardware. Good to have but not necessary to backport.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsabile

Linux

Prenotare

16/04/2025

Divulgazione

18/04/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00225

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!