Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]media: venus: Fix OOB read due to missing payload bound check[EOL][EOL]Currently, The event_seq_changed() handler processes a variable number[EOL]of properties sent by the firmware. The number of properties is indicated[EOL]by the firmware and used to iterate over the payload. However, the[EOL]payload size is not being validated against the actual message length.[EOL][EOL]This can lead to out-of-bounds memory access if the firmware provides a[EOL]property count that exceeds the data available in the payload. Such a[EOL]condition can result in kernel crashes or potential information leaks if[EOL]memory beyond the buffer is accessed.[EOL][EOL]Fix this by properly validating the remaining size of the payload before[EOL]each property access and updating bounds accordingly as properties are[EOL]parsed.[EOL][EOL]This ensures that property parsing is safely bounded within the received[EOL]message buffer and protects against malformed or malicious firmware[EOL]behavior.
CREATE(Triage):(User=admin) [CVE-2025-38679 (https://nvd.nist.gov/vuln/detail/CVE-2025-38679)
