VYPR
Medium severity5.5NVD Advisory· Published Sep 11, 2025· Updated Jun 17, 2026

CVE-2025-39787

CVE-2025-39787

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: mdt_loader: Ensure we don't read past the ELF header

When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients.

Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

122

Patches

Vulnerability mechanics

References

12

News mentions

1