Out-of-bounds read in Linux kernel iio light driver



| Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-40114
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU107682

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40114

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the veml6075_read_uv_direct() function in drivers/iio/light/veml6075.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12 - 6.14.1

CPE2.3 External links

https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0
https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f
https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.23
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###