CVE-2025-23157

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-23157
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23157.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-23157
Downstream
Related
Published
2025-05-01T13:15:51Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi_parser: add check to avoid out of bound access

There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning.

References

Affected packages