| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050130-CVE-2025-23157-963e@gregkh> Date: Thu, 1 May 2025 14:56:37 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-23157: media: venus: hfi_parser: add check to avoid out of bound access From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning. The Linux kernel CVE team has assigned CVE-2025-23157 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19 with commit 1a73374a04e555103e5369429a30999114001dda and fixed in 6.1.135 with commit 26bbedd06d85770581fda5d78e78539bb088fad1 Issue introduced in 4.19 with commit 1a73374a04e555103e5369429a30999114001dda and fixed in 6.6.88 with commit d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45 Issue introduced in 4.19 with commit 1a73374a04e555103e5369429a30999114001dda and fixed in 6.12.24 with commit 53e376178ceacca3ef1795038b22fc9ef45ff1d3 Issue introduced in 4.19 with commit 1a73374a04e555103e5369429a30999114001dda and fixed in 6.13.12 with commit b2541e29d82da8a0df728aadec3e0a8db55d517b Issue introduced in 4.19 with commit 1a73374a04e555103e5369429a30999114001dda and fixed in 6.14.3 with commit cb5be9039f91979f8a2fac29f529f746d7848f3e Issue introduced in 4.19 with commit 1a73374a04e555103e5369429a30999114001dda and fixed in 6.15-rc1 with commit 172bf5a9ef70a399bb227809db78442dc01d9e48 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-23157 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/qcom/venus/hfi_parser.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1 https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45 https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3 https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48
Powered by blists - more mailing lists