CVE-2025-23157

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning.

CVSS

No CVSS.

References

Link	Resource
https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48
https://git.kernel.org/stable/c/1ad6aa1464b8a5ce5c194458315021e8d216108e
https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1
https://git.kernel.org/stable/c/2b8b9ea4e26a501eb220ea189e42b4527e65bdfa
https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3
https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b
https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e
https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45
https://git.kernel.org/stable/c/e5133a0b25463674903fdc0528e0a29b7267130e
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Configurations

No configuration.

History

03 Nov 2025, 20:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

02 May 2025, 13:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 13:15

Updated : 2025-11-03 20:17

NVD link : CVE-2025-23157

Mitre link : CVE-2025-23157

CVE.ORG link : CVE-2025-23157

JSON object : View

Products Affected

No product.

CWE

No CWE.

{"id": "CVE-2025-23157", "cveTags": [], "metrics": {}, "published": "2025-05-01T13:15:51.623", "references": [{"url": "https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1ad6aa1464b8a5ce5c194458315021e8d216108e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2b8b9ea4e26a501eb220ea189e42b4527e65bdfa", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e5133a0b25463674903fdc0528e0a29b7267130e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Undergoing Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: add check to avoid out of bound access\n\nThere is a possibility that init_codecs is invoked multiple times during\nmanipulated payload from video firmware. In such case, if codecs_count\ncan get incremented to value more than MAX_CODEC_NUM, there can be OOB\naccess. Reset the count so that it always starts from beginning."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: hfi_parser: a\u00f1adir comprobaci\u00f3n para evitar accesos fuera de los l\u00edmites. Existe la posibilidad de que init_codecs se invoque varias veces durante la manipulaci\u00f3n de la carga \u00fatil del firmware de v\u00eddeo. En tal caso, si codecs_count se incrementa a un valor superior a MAX_CODEC_NUM, puede haber accesos fuera de los l\u00edmites. Restablezca el contador para que siempre comience desde el principio."}], "lastModified": "2025-11-03T20:17:46.553", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}