AZL-67211

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67211.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67211

Upstream

CVE-2025-39787

Published

2025-09-11T17:15:44Z

Modified

2026-04-01T05:21:48.495424Z

Summary

CVE-2025-39787 affecting package kernel for versions less than 6.6.104.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: mdt_loader: Ensure we don't read past the ELF header

When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients.

Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. ephentsize and eshentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39787

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.104.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67211.json"