CVE-2025-23157

Source
https://cve.org/CVERecord?id=CVE-2025-23157
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23157.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-23157
Published
2025-05-01T12:55:43.193Z
Modified
2026-03-20T12:41:22.249472Z
Summary
media: venus: hfi_parser: add check to avoid out of bound access
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi_parser: add check to avoid out of bound access

There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to a value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23157.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced: 1a73374a04e555103e5369429a30999114001dda
Fixed: e5133a0b25463674903fdc0528e0a29b7267130e
Fixed: 2b8b9ea4e26a501eb220ea189e42b4527e65bdfa
Fixed: 1ad6aa1464b8a5ce5c194458315021e8d216108e
Fixed: 26bbedd06d85770581fda5d78e78539bb088fad1
Fixed: d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45
Fixed: 53e376178ceacca3ef1795038b22fc9ef45ff1d3
Fixed: b2541e29d82da8a0df728aadec3e0a8db55d517b
Fixed: cb5be9039f91979f8a2fac29f529f746d7848f3e
Fixed: 172bf5a9ef70a399bb227809db78442dc01d9e48

Database specific

source: "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23157.json"