CVE-2025-23156

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-23156

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23156.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-23156

Downstream

BELL-CVE-2025-23156

DEBIAN-CVE-2025-23156

DLA-4178-1

DLA-4193-1

ECHO-3bfb-aac3-b834

OESA-2025-1625

OESA-2025-1627

OESA-2025-1628

OESA-2025-1629

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-23156

USN-7594-1

USN-7594-2

USN-7594-3

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

Related

Published

2025-05-01T13:15:51Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi_parser: refactor hfi packet parsing logic

wordscount denotes the number of words in total payload, while data points to payload of various property within it. When wordscount reaches last word, data can access memory beyond the total payload. This can lead to OOB access. With this patch, the utility api for handling individual properties now returns the size of data consumed. Accordingly remaining bytes are calculated before parsing the payload, thereby eliminates the OOB access possibilities.

References

Affected packages