CVE-2025-32776

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39
https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f
https://github.com/openrazer/openrazer/issues/2433
https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx
https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html

Configurations

No configuration.

History

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html -
Summary		(es) OpenRazer es un controlador de código abierto y un daemon de espacio de usuario para controlar la iluminación de dispositivos Razer y otras funciones en GNU/Linux. Al escribir datos especialmente manipulados en el archivo `matrix_custom_frame`, un atacante puede provocar que el controlador de kernel personalizado lea más bytes de los que proporciona el espacio de usuario. Estos datos se escribirán en los argumentos RGB que se enviarán al dispositivo USB. Este problema se ha corregido en la versión 3.10.2.

15 Apr 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-15 17:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-32776

Mitre link : CVE-2025-32776

CVE.ORG link : CVE-2025-32776

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-32776", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-15T17:15:49.730", "references": [{"url": "https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39", "source": "security-advisories@github.com"}, {"url": "https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f", "source": "security-advisories@github.com"}, {"url": "https://github.com/openrazer/openrazer/issues/2433", "source": "security-advisories@github.com"}, {"url": "https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx", "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2."}, {"lang": "es", "value": "OpenRazer es un controlador de c\u00f3digo abierto y un daemon de espacio de usuario para controlar la iluminaci\u00f3n de dispositivos Razer y otras funciones en GNU/Linux. Al escribir datos especialmente manipulados en el archivo `matrix_custom_frame`, un atacante puede provocar que el controlador de kernel personalizado lea m\u00e1s bytes de los que proporciona el espacio de usuario. Estos datos se escribir\u00e1n en los argumentos RGB que se enviar\u00e1n al dispositivo USB. Este problema se ha corregido en la versi\u00f3n 3.10.2."}], "lastModified": "2025-11-03T20:18:28.297", "sourceIdentifier": "security-advisories@github.com"}