PT-2025-18410 · Linux+6 · Linux Kernel+6

Published

2025-03-03

·

Updated

2026-04-20

·

CVE-2025-23156

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, specifically in the media: venus: hfi parser component. The issue arises when words count reaches the last word in the payload, allowing data to access memory beyond the total payload, potentially leading to out-of-bounds (OOB) access. The patch refactors the HFI packet parsing logic, and the utility API for handling individual properties now returns the size of data consumed, eliminating the possibility of OOB access.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-11888
CVE-2025-23156
DLA-4178-1
DLA-4193-1
ECHO-3BFB-AAC3-B834
OESA-2025-1625
OESA-2025-1627
OESA-2025-1628
OESA-2025-1629
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu