CVE-2025-23157
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-23157
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23157.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-23157
- Downstream
- Related
- Published
- 2025-05-01T13:15:51Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
media: venus: hfi_parser: add check to avoid out of bound access
There is a possibility that initcodecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecscount can get incremented to value more than MAXCODECNUM, there can be OOB access. Reset the count so that it always starts from beginning.
- References
-
- https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48
- https://git.kernel.org/stable/c/1ad6aa1464b8a5ce5c194458315021e8d216108e
- https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1
- https://git.kernel.org/stable/c/2b8b9ea4e26a501eb220ea189e42b4527e65bdfa
- https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3
- https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b
- https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e
- https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45
- https://git.kernel.org/stable/c/e5133a0b25463674903fdc0528e0a29b7267130e