CVE-2025-40114

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40114
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40114.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40114
Downstream
Published
2025-04-18T07:01:40.964Z
Modified
2026-03-20T12:43:11.115757Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
iio: light: Add check for array bounds in veml6075_read_int_time_ms
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: light: Add check for array bounds in veml6075readinttimems

The array contains only 5 elements, but the index calculated by veml6075readinttimeindex can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue.

Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075itms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7)

This is hardening against potentially broken hardware. Good to have but not necessary to backport.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40114.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3b82f43238aecd73464aeacc9c73407079511533
Fixed
7a40b52d4442178bee0cf1c36bc450ab951cef0f
Fixed
18a08b5632809faa671279b3cd27d5f96cc5a3f0
Fixed
9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
Fixed
ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40114.json"