CVE-2025-32776

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-32776
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32776.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-32776
Aliases
  • GHSA-835j-6976-46jx
Downstream
Published
2025-04-15T16:32:20Z
Modified
2025-10-17T23:36:10.249090Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
OpenRazer Vulnerable to Out of Bounds Read
Details

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than user space provided. The extra bytes read are written into the RGB arguments, which are then sent to the USB device. This issue has been patched in v3.10.2.

References

Affected packages

Git / github.com/openrazer/openrazer

Affected ranges

Type
GIT
Repo
https://github.com/openrazer/openrazer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.17
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.7-2
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.2
v1.1.3
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9

v2.*

v2.0.0
v2.1
v2.1.1
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.3.1
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0

v3.*

v3.0.0
v3.0.1
v3.1.0
v3.10.0
v3.10.1
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.5.1
v3.6.0
v3.6.1
v3.7.0
v3.8.0
v3.9.0