VDB
DEBIAN-CVE-2025-23156
DEBIAN-CVE-2025-23156
PUBLISHED
CVSS 7.099999904632568 HIGH
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refactor hfi packet parsing logic words_count denotes the number of words in total payload, while data points to payload of various property within it. When words_count reaches last word, data can access memory beyond the total payload. This can lead to OOB access. With this patch, the utility api for handling individual properties now returns the size of data consumed. Accordingly remaining bytes are calculated before parsing the payload, thereby eliminates the OOB access possibilities.
Risk Scores
CVSS v3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 0, 0 |
| Debian:12 | linux | 6.1.55-1, 6.1.55-1~bpo11+1, 6.1.64-1 |
| Debian:11 | linux-6.1 | 0, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2 |
| Debian:11 | linux | 5.10.70-1, 0, 5.10.103-1 |
| Debian:13 | linux | 0, 0 |
Timeline
- May 1, 2025 CVE Published
- Apr 28, 2026 CVE Updated