VYPR
Unrated severityNVD Advisory· Published May 1, 2025· Updated Nov 3, 2025

media: venus: hfi: add check to handle incorrect queue size

CVE-2025-23158

Description

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi: add check to handle incorrect queue size

qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be bigger than the space actually available. Since new_wr_idx is not checked, so the following code will result in an OOB write. ... qsize = qhdr->q_size

if (wr_idx >= rd_idx) empty_space = qsize - (wr_idx - rd_idx) .... if (new_wr_idx < qsize) { memcpy(wr_ptr, packet, dwords << 2) --> OOB write

Add check to ensure qsize is within the allocated size while reading and writing packets into the queue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

80

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.