{"id":"CVE-2025-23159","summary":"media: venus: hfi: add a check to handle OOB in sfr region","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add a check to handle OOB in sfr region\n\nsfr-\u003ebuf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases.","modified":"2026-04-02T12:45:24.404803Z","published":"2025-05-01T12:55:44.695Z","related":["SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23159.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1b8fb257234e7d2d4b3f48af07c5aa5e11c71634"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4dd109038d513b92d4d33524ffc89ba32e02ba48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8879397c0da5e5ec1515262995e82cdfd61b282a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23159.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23159"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d96d3f30c0f2f564f6922bf4ccdf4464992e31fb"},{"fixed":"4dd109038d513b92d4d33524ffc89ba32e02ba48"},{"fixed":"8879397c0da5e5ec1515262995e82cdfd61b282a"},{"fixed":"1b8fb257234e7d2d4b3f48af07c5aa5e11c71634"},{"fixed":"4e95233af57715d81830fe82b408c633edff59f4"},{"fixed":"5af611c70fb889d46d2f654b8996746e59556750"},{"fixed":"530f623f56a6680792499a8404083e17f8ec51f4"},{"fixed":"a062d8de0be5525ec8c52f070acf7607ec8cbfe4"},{"fixed":"d78a8388a27b265fcb2b8d064f088168ac9356b0"},{"fixed":"f4b211714bcc70effa60c34d9fa613d182e3ef1e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23159.json"}}],"schema_version":"1.7.5"}