CVE-2025-38679 media: venus: Fix OOB read due to missing payload bound check

🗓️ 04 Sep 2025 15:32:35Reported by LinuxType

Fix OOB read in venus event_seq_changed by validating remaining payload size before each property access.

Reporter	Title	Published	Views	Family All 118
AstraLinux	Astra Linux - уязвимость в linux-6.1	20 May 202605:53	–	astralinux
CBLMariner	CVE-2025-38679 affecting package kernel for versions less than 6.6.104.2-1	1 Oct 202519:21	–	cbl_mariner
Circl	CVE-2025-38679	3 Dec 202514:14	–	circl
CNNVD	Linux kernel 安全漏洞	4 Sep 202500:00	–	cnnvd
CVE	CVE-2025-38679	4 Sep 202515:32	–	cve
Debian	[SECURITY] [DLA 4328-1] linux-6.1 security update	13 Oct 202509:16	–	debian
Debian	[SECURITY] [DSA 6009-1] linux security update	22 Sep 202521:10	–	debian
Debian CVE	CVE-2025-38679	4 Sep 202515:32	–	debiancve
Tenable Nessus	Debian dla-4328 : linux-config-6.1 - security update	13 Oct 202500:00	–	nessus
Tenable Nessus	Debian dsa-6009 : affs-modules-6.1.0-37-4kc-malta-di - security update	22 Sep 202500:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/media/platform/qcom/venus/hfi_msgs.c"
    ],
    "versions": [
      {
        "version": "09c2845e8fe4fcab942929480203f504a6e0a114",
        "lessThan": "a3eef5847603cd8a4110587907988c3f93c9605a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "09c2845e8fe4fcab942929480203f504a6e0a114",
        "lessThan": "8f274e2b05fdae7a53cee83979202b5ecb49035c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "09c2845e8fe4fcab942929480203f504a6e0a114",
        "lessThan": "6f08bfb5805637419902f3d70069fe17a404545b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "09c2845e8fe4fcab942929480203f504a6e0a114",
        "lessThan": "c956c3758510b448b3d4d10d1da8230e8c9bf668",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "09c2845e8fe4fcab942929480203f504a6e0a114",
        "lessThan": "bed4921055dd7bb4d2eea2729852ae18cf97a2c6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "09c2845e8fe4fcab942929480203f504a6e0a114",
        "lessThan": "06d6770ff0d8cc8dfd392329a8cc03e2a83e7289",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/media/platform/qcom/venus/hfi_msgs.c"
    ],
    "versions": [
      {
        "version": "4.13",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.13",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.149",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.103",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.43",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.15.11",
        "lessThanOrEqual": "6.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.2",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/a3eef5847603cd8a4110587907988c3f93c9605a
git	www.git.kernel.org/stable/c/bed4921055dd7bb4d2eea2729852ae18cf97a2c6
git	www.git.kernel.org/stable/c/8f274e2b05fdae7a53cee83979202b5ecb49035c
git	www.git.kernel.org/stable/c/06d6770ff0d8cc8dfd392329a8cc03e2a83e7289
git	www.git.kernel.org/stable/c/6f08bfb5805637419902f3d70069fe17a404545b
git	www.git.kernel.org/stable/c/c956c3758510b448b3d4d10d1da8230e8c9bf668

11 May 2026 21:32Current

EPSS0.00017