SB20250502272 - Buffer overflow in Linux kernel qcom venus driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2025-23159)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1b8fb257234e7d2d4b3f48af07c5aa5e11c71634
• https://git.kernel.org/stable/c/4dd109038d513b92d4d33524ffc89ba32e02ba48
• https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4
• https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4
• https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750
• https://git.kernel.org/stable/c/8879397c0da5e5ec1515262995e82cdfd61b282a
• https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4
• https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0
• https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.181
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.293
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88