{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-23159","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-01-11T14:28:41.515Z","datePublished":"2025-05-01T12:55:44.695Z","dateUpdated":"2026-05-11T21:14:06.776Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:14:06.776Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add a check to handle OOB in sfr region\n\nsfr->buf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/platform/qcom/venus/hfi_venus.c"],"versions":[{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"4dd109038d513b92d4d33524ffc89ba32e02ba48","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"8879397c0da5e5ec1515262995e82cdfd61b282a","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"1b8fb257234e7d2d4b3f48af07c5aa5e11c71634","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"4e95233af57715d81830fe82b408c633edff59f4","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"5af611c70fb889d46d2f654b8996746e59556750","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"530f623f56a6680792499a8404083e17f8ec51f4","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"a062d8de0be5525ec8c52f070acf7607ec8cbfe4","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"d78a8388a27b265fcb2b8d064f088168ac9356b0","status":"affected","versionType":"git"},{"version":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb","lessThan":"f4b211714bcc70effa60c34d9fa613d182e3ef1e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/platform/qcom/venus/hfi_venus.c"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"5.4.293","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.237","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.181","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.135","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.88","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.24","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.12","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14.3","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.4.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1.135"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.6.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.12.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.13.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.14.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4dd109038d513b92d4d33524ffc89ba32e02ba48"},{"url":"https://git.kernel.org/stable/c/8879397c0da5e5ec1515262995e82cdfd61b282a"},{"url":"https://git.kernel.org/stable/c/1b8fb257234e7d2d4b3f48af07c5aa5e11c71634"},{"url":"https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4"},{"url":"https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750"},{"url":"https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4"},{"url":"https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4"},{"url":"https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0"},{"url":"https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e"}],"title":"media: venus: hfi: add a check to handle OOB in sfr region","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:42:59.661Z"}}]}}