CVE-2025-23157

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-23157
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23157.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-23157
Downstream
Related
Published
2025-05-01T12:55:43.193Z
Modified
2026-05-15T11:54:40.586761079Z
Summary
media: venus: hfi_parser: add check to avoid out of bound access
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi_parser: add check to avoid out of bound access

There is a possibility that initcodecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecscount can get incremented to value more than MAXCODECNUM, there can be OOB access. Reset the count so that it always starts from beginning.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23157.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.19.0
Fixed
5.4.293
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.237
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.181
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.135
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.88
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.24
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.12
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23157.json"