CVE-2025-39710
HIGHLinux Kernel - Out-of-bounds Read in Venus Media Packet Processing
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevent potential out-of-bounds memory access.
References (11)
Core 11
Core References
Third Party Advisory, Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory, Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Scores
CVSS v3
7.1
EPSS
0.0015
EPSS Percentile
4.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (27)
debian/debian_linux
11.0
linux/Kernel
4.13.0 - 5.4.297linux
linux/Kernel
5.11.0 - 5.15.190linux
linux/Kernel
5.16.0 - 6.1.149linux
linux/Kernel
5.5.0 - 5.10.241linux
linux/Kernel
6.13.0 - 6.16.4linux
linux/Kernel
6.2.0 - 6.6.103linux
linux/Kernel
6.7.0 - 6.12.44linux
Linux/Linux
< 4.13
Linux/Linux
4.13
... and 17 more
Published
Sep 05, 2025
Tracked Since
Feb 18, 2026