DEBIAN-CVE-2025-23159

DEBIAN-CVE-2025-23159 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	linux	0, 0
Debian:13	linux	0, 0
Debian:11	linux-6.1	6.1.128-1~deb11u1, *, 0
Debian:12	linux	6.1.99-1, 6.1.94-1, 0
Debian:11	linux	5.10.92-1, 0, 5.10.103-1

Timeline

May 1, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-23159 advisory

Open in Interactive Console →