SB2025090453 - Memory leak in Linux kernel qcom venus driver
Published: September 4, 2025
Security Bulletin ID
SB2025090453
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-38679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_seq_changed() function in drivers/media/platform/qcom/venus/hfi_msgs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/06d6770ff0d8cc8dfd392329a8cc03e2a83e7289
- https://git.kernel.org/stable/c/6f08bfb5805637419902f3d70069fe17a404545b
- https://git.kernel.org/stable/c/8f274e2b05fdae7a53cee83979202b5ecb49035c
- https://git.kernel.org/stable/c/a3eef5847603cd8a4110587907988c3f93c9605a
- https://git.kernel.org/stable/c/bed4921055dd7bb4d2eea2729852ae18cf97a2c6
- https://git.kernel.org/stable/c/c956c3758510b448b3d4d10d1da8230e8c9bf668