26 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit. If venus_probe fails at pm_runtime_put_sync, it first calls hfi_destroy, and then hfi_core_deinit. Since hfi_destroy sets core->ops to NULL, hfi_core_deinit can no longer call the...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23159)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23159 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle...
CLSA-2025-1763989962 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2025-38352 - posix-cpu-timers: fix race between handle_posix_cpu_timers and posix_cpu_timer_del CVE-url: https://ubuntu.com/security/CVE-2022-25265 - x86/elf: Add table to document READ_IMPLIES_EXEC - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK -...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989949)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989949 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989745 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987394)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987394 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986441)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986441 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the...
Linux Distros Unpatched Vulnerability : CVE-2025-23158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this...
Linux Distros Unpatched Vulnerability : CVE-2025-23157
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times during manipulated payload from...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI – Add a check to handle incorrect queue size. qsize represents the size of the shared queue between the driver and the firmware. The firmware can modify this value to an invalid, large value. In such situations,...
SUSE CVE-2025-23158
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be...
SUSE CVE-2025-23159
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
DEBIAN-CVE-2025-23158
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be...
UBUNTU-CVE-2025-23158
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be...
UBUNTU-CVE-2025-23159
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
CVE-2025-23159 media: venus: hfi: add a check to handle OOB in sfr region
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
PT-2025-18411
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the media: venus: hfi parser component. The issue arises when the init codecs function is invoked multiple times...
PT-2025-18413
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the media: venus: hfi component, where a check has been added to handle out-of-bounds OOB writes in the sfr...
PT-2025-18412
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability has been resolved in the Linux kernel, specifically in the media: venus: hfi component. The issue arises when the firmware modifies the qsize value to an invalid large...