{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39710", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.116Z", "datePublished": "2025-09-05T17:21:17.243Z", "dateUpdated": "2025-09-05T17:21:17.243Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-05T17:21:17.243Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Add a check for packet size after reading from shared memory\n\nAdd a check to ensure that the packet size does not exceed the number of\navailable words after reading the packet header from shared memory. This\nensures that the size provided by the firmware is safe to process and\nprevent potential out-of-bounds memory access."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/qcom/venus/hfi_venus.c"], "versions": [{"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "0520c89f6280d2b60ab537d5743601185ee7d8ab", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "f5b7a943055a4a106d40a03bacd940e28cc1955f", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "ef09b96665f16f3f0bac4e111160e6f24f1f8791", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "7638bae4539dcebc3f68fda74ac35d73618ec440", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "ba567c2e52fbcf0e20502746bdaa79e911c2e8cf", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "2d8cea8310a245730816a1fd0c9fa4a5a3bdc68c", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "f0cbd9386f974d310a0d20a02e4a1323e95ea654", "status": "affected", "versionType": "git"}, {"version": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", "lessThan": "49befc830daa743e051a65468c05c2ff9e8580e6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/qcom/venus/hfi_venus.c"], "versions": [{"version": "4.13", "status": "affected"}, {"version": "0", "lessThan": "4.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.297", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.241", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.190", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.149", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.103", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.44", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.4", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.4.297"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.10.241"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.15.190"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.1.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.6.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.12.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.16.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.17-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0520c89f6280d2b60ab537d5743601185ee7d8ab"}, {"url": "https://git.kernel.org/stable/c/f5b7a943055a4a106d40a03bacd940e28cc1955f"}, {"url": "https://git.kernel.org/stable/c/ef09b96665f16f3f0bac4e111160e6f24f1f8791"}, {"url": "https://git.kernel.org/stable/c/7638bae4539dcebc3f68fda74ac35d73618ec440"}, {"url": "https://git.kernel.org/stable/c/ba567c2e52fbcf0e20502746bdaa79e911c2e8cf"}, {"url": "https://git.kernel.org/stable/c/2d8cea8310a245730816a1fd0c9fa4a5a3bdc68c"}, {"url": "https://git.kernel.org/stable/c/f0cbd9386f974d310a0d20a02e4a1323e95ea654"}, {"url": "https://git.kernel.org/stable/c/49befc830daa743e051a65468c05c2ff9e8580e6"}], "title": "media: venus: Add a check for packet size after reading from shared memory", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Add a check for packet size after reading from shared memory\n\nAdd a check to ensure that the packet size does not exceed the number of\navailable words after reading the packet header from shared memory. This\nensures that the size provided by the firmware is safe to process and\nprevent potential out-of-bounds memory access."}], "id": "CVE-2025-39710", "lastModified": "2025-09-08T16:25:38.810", "metrics": {}, "published": "2025-09-05T18:15:48.333", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0520c89f6280d2b60ab537d5743601185ee7d8ab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2d8cea8310a245730816a1fd0c9fa4a5a3bdc68c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/49befc830daa743e051a65468c05c2ff9e8580e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7638bae4539dcebc3f68fda74ac35d73618ec440"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ba567c2e52fbcf0e20502746bdaa79e911c2e8cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ef09b96665f16f3f0bac4e111160e6f24f1f8791"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0cbd9386f974d310a0d20a02e4a1323e95ea654"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f5b7a943055a4a106d40a03bacd940e28cc1955f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: media: venus: Add a check for packet size after reading from shared memory", "id": "2393499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393499"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-39710", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-39710\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39710\nhttps://lore.kernel.org/linux-cve-announce/2025090550-CVE-2025-39710-198c@gregkh/T"], "threat_severity": "Moderate"}