CVE-2025-38679: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read (21 documents, 8 sources)

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 98.66%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Sep 4
Latest update: Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check. Currently, the event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by the firmware and used to iterate over the payload. However, the payload size is not being validated against the actual message length. This can lead to out-of-bounds memory access if the firmware provides a property cou

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

NVD: linux/linux_kernel 4.13 – 6.1.149 (+4)
Debian: linux/linux_kernel < 6.1.153-1 (+2)
CVEListV5: linux/linux 09c2845e8fe4fcab942929480203f504a6e0a114 – a3eef5847603cd8a4110587907988c3f93c9605a (+6)

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (3)

GHSA (2025-09-05): GHSA-5hm5-7p65-wrq6: In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The eve
CVEList (2025-09-04): media: venus: Fix OOB read due to missing payload bound check
OSV (2025-09-04): CVE-2025-38679: In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event

📋 Vendor Advisories (17)

Ubuntu (2026-03-25): Linux kernel (Azure) vulnerabilities
Ubuntu (2026-03-04): Linux kernel (Azure) vulnerabilities
Ubuntu (2026-03-04): Linux kernel (Azure FIPS) vulnerabilities
Ubuntu (2026-02-24): Linux kernel (Xilinx) vulnerabilities
Ubuntu (2026-02-24): Linux kernel (IBM) vulnerabilities