CVE-2025-39710
Description
In the Linux kernel, the following vulnerability has been resolved:
media: venus: Add a check for packet size after reading from shared memory
Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevents potential out-of-bounds memory access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's venus driver, a missing size check after reading the packet header from shared memory could lead to out-of-bounds memory access.
Vulnerability Description
CVE-2025-39710 is a high-severity vulnerability in the Linux kernel's Qualcomm Venus media driver. The issue arises when processing packets read from shared memory: the driver reads a packet header that includes a size field but fails to validate that the size does not exceed the number of available words. This oversight can lead to out-of-bounds memory access. [1]
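The check described above, shown on a simplified ring-buffer model. This is an added example, not the venus driver's code: the `shm_queue` layout, the `queue_read_packet` name, and the convention that the first header word holds the packet size in bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of a firmware-to-driver queue in shared memory. */
struct shm_queue {
    uint32_t *words;   /* ring storage, written by the firmware */
    uint32_t  qsize;   /* ring capacity in 32-bit words */
    uint32_t  rd_idx;  /* next word the driver reads */
    uint32_t  wr_idx;  /* next word the firmware writes */
};

/* Copy one packet into out[]; return its length in words, or -1 if rejected. */
int queue_read_packet(struct shm_queue *q, uint32_t *out, uint32_t out_words)
{
    uint32_t rd = q->rd_idx, wr = q->wr_idx;
    if (rd >= q->qsize || wr >= q->qsize || rd == wr)
        return -1;                      /* corrupt indices or empty queue */

    /* Words the firmware has actually published between rd and wr. */
    uint32_t avail = (wr > rd) ? wr - rd : q->qsize - rd + wr;
    /* Assumed header layout: first word is the size in bytes (untrusted). */
    uint32_t dwords = q->words[rd] >> 2;

    /* Reject a size that is empty, exceeds the available words, or overflows out[]. */
    if (dwords == 0 || dwords > avail || dwords > out_words)
        return -1;

    /* Copy in two pieces so a wrapped packet never runs past the ring. */
    uint32_t first = q->qsize - rd;
    if (first > dwords)
        first = dwords;
    memcpy(out, &q->words[rd], first * sizeof(uint32_t));
    memcpy(out + first, q->words, (dwords - first) * sizeof(uint32_t));

    q->rd_idx = (rd + dwords) % q->qsize;
    return (int)dwords;
}

int main(void)
{
    /* Constructed sample: header claims 64 bytes, only 2 words are available. */
    uint32_t ring[8] = { 64, 0, 0, 0, 0, 0, 0, 0 }, pkt[8];
    struct shm_queue q = { ring, 8, 0, 2 };
    printf("oversized header: %d\n", queue_read_packet(&q, pkt, 8));
    ring[0] = 8;                        /* 8 bytes = 2 words, fits */
    printf("valid header: %d\n", queue_read_packet(&q, pkt, 8));
    return 0;
}
```

Without the `dwords > avail` comparison, the copy length would be taken directly from the shared-memory header and could run past the data the firmware actually published.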
Exploitation
An attacker with local access could potentially exploit this by controlling the firmware's shared memory content, causing the driver to interpret a malformed packet with an excessively large size. No special privileges or user interaction beyond triggering the venus driver operation are required. [1]
Impact
Successful exploitation could allow an attacker to read or write beyond allocated memory buffers, potentially leading to information disclosure, denial of service, or arbitrary code execution in kernel context. The CVSS v3 score of 7.1 reflects the high impact but relatively low attack complexity.
Mitigation
The fix was introduced in the mainline Linux kernel and backported to stable branches. The Siemens advisory lists SIMATIC CN 4100 (versions < V5.0) as affected and recommends firmware updates. Users should apply the latest kernel patches from their distribution or vendor. [2][3][4]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Linux/Linux v5, Range: 4.13
References
- git.kernel.org/stable/c/0520c89f6280d2b60ab537d5743601185ee7d8ab (nvd; Patch)
- git.kernel.org/stable/c/2d8cea8310a245730816a1fd0c9fa4a5a3bdc68c (nvd; Patch)
- git.kernel.org/stable/c/49befc830daa743e051a65468c05c2ff9e8580e6 (nvd; Patch)
- git.kernel.org/stable/c/7638bae4539dcebc3f68fda74ac35d73618ec440 (nvd; Patch)
- git.kernel.org/stable/c/ba567c2e52fbcf0e20502746bdaa79e911c2e8cf (nvd; Patch)
- git.kernel.org/stable/c/ef09b96665f16f3f0bac4e111160e6f24f1f8791 (nvd; Patch)
- git.kernel.org/stable/c/f0cbd9386f974d310a0d20a02e4a1323e95ea654 (nvd; Patch)
- git.kernel.org/stable/c/f5b7a943055a4a106d40a03bacd940e28cc1955f (nvd; Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00007.html (nvd; Mailing List, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd; Mailing List, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)